From 9cad5d62e1518502ca149d77a8c254fba98eff89 Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Fri, 9 Oct 2020 13:10:41 +0300 Subject: [PATCH] Account: change Dashboard URL endpoint's permissions. We only want to require that the account is authenticated, not the rest of the permissions. As we want to be able to get a dashboard url for accounts that aren't currently valid. --- django_etebase/views.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/django_etebase/views.py b/django_etebase/views.py index d421e43..8c55366 100644 --- a/django_etebase/views.py +++ b/django_etebase/views.py @@ -30,6 +30,7 @@ from rest_framework.response import Response from rest_framework.parsers import JSONParser, FormParser, MultiPartParser from rest_framework.renderers import BrowsableAPIRenderer from rest_framework.exceptions import AuthenticationFailed +from rest_framework.permissions import IsAuthenticated import nacl.encoding import nacl.signing @@ -783,7 +784,7 @@ class AuthenticationViewSet(viewsets.ViewSet): return Response({}, status=status.HTTP_200_OK) - @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes) + @action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated]) def dashboard_url(self, request, *args, **kwargs): get_dashboard_url = app_settings.DASHBOARD_URL_FUNC if get_dashboard_url is None: