From 7e60c6ed416f8787d1037afde5d98f13a91b6d30 Mon Sep 17 00:00:00 2001
From: chapeau <corentin@canebier.fr>
Date: Sun, 29 Nov 2020 18:19:46 +0100
Subject: [PATCH] lets be sure that api permissions wont trigger on functional
 views

---
 api/permissions.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/permissions.py b/api/permissions.py
index 1983bdc8..3ee61f33 100644
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -239,6 +239,9 @@ class AutodetectACLPermission(permissions.BasePermission):
         if getattr(view, "_ignore_model_permissions", False):
             return True
 
+        if not getattr(view, "queryset", getattr(view, "get_queryset", None)):
+            return True
+
         if not request.user or not request.user.is_authenticated:
             return False
 
@@ -273,7 +276,8 @@ class AutodetectACLPermission(permissions.BasePermission):
             # they have read permissions to see 403, or not, and simply see
             # a 404 response.
 
-            SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
+            SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
+                            "POST", "PUT", "PATCH", "DELETE")
 
             if request.method in SAFE_METHODS:
                 # Read permissions already checked and failed, no need