Account: change Dashboard URL endpoint's permissions.

We only want to require that the account is authenticated, not the rest of the permissions. As we want to be able to get a dashboard url for accounts that aren't currently valid.
4 years ago · 9cad5d62e1
parent 74f40abc65
commit 9cad5d62e1
1 changed files with 2 additions and 1 deletions
--- a/django_etebase/views.py
+++ b/django_etebase/views.py
@ -30,6 +30,7 @@ from rest_framework.response import Response
 from rest_framework.parsers import JSONParser, FormParser, MultiPartParser
 from rest_framework.renderers import BrowsableAPIRenderer
 from rest_framework.exceptions import AuthenticationFailed
+from rest_framework.permissions import IsAuthenticated

 import nacl.encoding
 import nacl.signing
@ -783,7 +784,7 @@ class AuthenticationViewSet(viewsets.ViewSet):

        return Response({}, status=status.HTTP_200_OK)

-    @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
+    @action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated])
    def dashboard_url(self, request, *args, **kwargs):
        get_dashboard_url = app_settings.DASHBOARD_URL_FUNC
        if get_dashboard_url is None: