From 00cf2d83a05440f6166918bab55316d3e95fab03 Mon Sep 17 00:00:00 2001
From: Tom Hacohen
Date: Sun, 13 Sep 2020 14:17:25 +0300
Subject: [PATCH] Only enable browsable API when debugging is on.

The reason for that is that the API may expose data that shouldn't be exposed, such as the list of users on the service.
---
 django_etebase/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/django_etebase/views.py b/django_etebase/views.py
index 636287e..c5482d6 100644
--- a/django_etebase/views.py
+++ b/django_etebase/views.py
@@ -91,7 +91,7 @@ def msgpack_decode(content):
 class BaseViewSet(viewsets.ModelViewSet):
 authentication_classes = tuple(app_settings.API_AUTHENTICATORS)
 permission_classes = tuple(app_settings.API_PERMISSIONS)
- renderer_classes = [JSONRenderer, MessagePackRenderer, BrowsableAPIRenderer]
+ renderer_classes = [JSONRenderer, MessagePackRenderer] + [BrowsableAPIRenderer] if settings.DEBUG else []
 parser_classes = [JSONParser, MessagePackParser, FormParser, MultiPartParser]
 stoken_id_fields = None
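Review bot: On the added `renderer_classes` line the conditional expression binds more loosely than `+`, so it evaluates as `([JSONRenderer, MessagePackRenderer] + [BrowsableAPIRenderer]) if settings.DEBUG else []` and the whole list is empty whenever `DEBUG` is off. With debugging disabled the viewsets are left with no renderer at all rather than just losing the browsable one, which presumably breaks every response in production. Parenthesise the optional part: `renderer_classes = [JSONRenderer, MessagePackRenderer] + ([BrowsableAPIRenderer] if settings.DEBUG else [])`. Separately, dropping the HTML renderer only changes the output format; if the user list mentioned in the description is reachable through these viewsets, it is still returned as JSON or MessagePack unless `permission_classes` or the querysets restrict it, so that exposure should be checked there. The body of `BaseViewSet` continues outside the hunk.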