mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-12-24 07:53:47 +00:00
lets be sure that api permissions wont trigger on functional views
This commit is contained in:
parent
eb7830dfad
commit
9ff03d8c42
1 changed files with 5 additions and 1 deletions
|
@ -239,6 +239,9 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
if getattr(view, "_ignore_model_permissions", False):
|
if getattr(view, "_ignore_model_permissions", False):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
if not getattr(view, "queryset", getattr(view, "get_queryset", None)):
|
||||||
|
return True
|
||||||
|
|
||||||
if not request.user or not request.user.is_authenticated:
|
if not request.user or not request.user.is_authenticated:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -273,7 +276,8 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
# they have read permissions to see 403, or not, and simply see
|
# they have read permissions to see 403, or not, and simply see
|
||||||
# a 404 response.
|
# a 404 response.
|
||||||
|
|
||||||
SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
|
SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
|
||||||
|
"POST", "PUT", "PATCH", "DELETE")
|
||||||
|
|
||||||
if request.method in SAFE_METHODS:
|
if request.method in SAFE_METHODS:
|
||||||
# Read permissions already checked and failed, no need
|
# Read permissions already checked and failed, no need
|
||||||
|
|
Loading…
Reference in a new issue