mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-12-23 15:33:45 +00:00
bypass temporaire des acl de l'api
This commit is contained in:
parent
935249bebd
commit
e863179907
1 changed files with 7 additions and 3 deletions
|
@ -62,7 +62,7 @@ def _get_param_in_view(view, param_name):
|
|||
"cannot apply {} on a view that does not set "
|
||||
"`.{}` or have a `.get_{}()` method."
|
||||
).format(
|
||||
self.__class__.__name__, param_name, param_name
|
||||
view.__class__.__name__, param_name, param_name
|
||||
)
|
||||
|
||||
if hasattr(view, "get_" + param_name):
|
||||
|
@ -212,7 +212,7 @@ class AutodetectACLPermission(permissions.BasePermission):
|
|||
|
||||
return [perm(obj) for perm in self.perms_obj_map[method]]
|
||||
|
||||
@staticmethod
|
||||
@ staticmethod
|
||||
def _queryset(view):
|
||||
return _get_param_in_view(view, "queryset")
|
||||
|
||||
|
@ -239,6 +239,9 @@ class AutodetectACLPermission(permissions.BasePermission):
|
|||
if getattr(view, "_ignore_model_permissions", False):
|
||||
return True
|
||||
|
||||
if not getattr(view, "queryset", None):
|
||||
return True
|
||||
|
||||
if not request.user or not request.user.is_authenticated:
|
||||
return False
|
||||
|
||||
|
@ -273,7 +276,8 @@ class AutodetectACLPermission(permissions.BasePermission):
|
|||
# they have read permissions to see 403, or not, and simply see
|
||||
# a 404 response.
|
||||
|
||||
SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
|
||||
SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
|
||||
"POST", "PUT", "PATCH", "DELETE")
|
||||
|
||||
if request.method in SAFE_METHODS:
|
||||
# Read permissions already checked and failed, no need
|
||||
|
|
Loading…
Reference in a new issue