Merge branch 'fix_api_permissions_queryset_property_access' into 'dev'

Fix accessing view queryset property in api/permissions.py See merge request re2o/re2o!583
2024-11-04 17:06:27 +00:00 · 2021-01-06 23:59:59 +01:00 · 2021-01-06 23:59:59 +01:00 · 6a0c18d180
commit 6a0c18d180
parent be8e6925af 39b6e8507e
1 changed files with 1 additions and 1 deletions
--- a/api/permissions.py
+++ b/api/permissions.py
@ -241,7 +241,7 @@ class AutodetectACLPermission(permissions.BasePermission):

        # Bypass permission verifications if it is a functional view
        # (permissions are handled by ACL)
-        if not getattr(view, "queryset", getattr(view, "get_queryset", None)):
+        if not hasattr(view, "queryset") and not hasattr(view, "get_queryset"):
            return True

        if not request.user or not request.user.is_authenticated: