rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-16 08:23:12 +00:00
Code Issues Releases Wiki Activity

lets be sure that api permissions wont trigger on functional views

Browse source
This commit is contained in:
chapeau 2020-11-29 18:19:46 +01:00 committed by Hugo Levy-Falk
parent ba9d5211b9
commit 5a79ffb0f5
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
api/permissions.py
View file

@ -239,6 +239,9 @@ class AutodetectACLPermission(permissions.BasePermission):
if getattr(view, "_ignore_model_permissions", False): if getattr(view, "_ignore_model_permissions", False):
return True return True
if not getattr(view, "queryset", getattr(view, "get_queryset", None)):
return True
if not request.user or not request.user.is_authenticated: if not request.user or not request.user.is_authenticated:
return False return False
@ -273,7 +276,8 @@ class AutodetectACLPermission(permissions.BasePermission):
# they have read permissions to see 403, or not, and simply see # they have read permissions to see 403, or not, and simply see
# a 404 response. # a 404 response.
SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE") SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
"POST", "PUT", "PATCH", "DELETE")
if request.method in SAFE_METHODS: if request.method in SAFE_METHODS:
# Read permissions already checked and failed, no need # Read permissions already checked and failed, no need