From c7bd01b2d12ac437ddab95283fcd2eb8085ea5a4 Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Tue, 13 Oct 2020 12:09:29 +0300 Subject: [PATCH] Logout: allow any authenticated user (instead of normal permissions). We should always allow users to log out if they are authenticated. This doesn't need to use the global permissions. --- django_etebase/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django_etebase/views.py b/django_etebase/views.py index 8c55366..2d9b76c 100644 --- a/django_etebase/views.py +++ b/django_etebase/views.py @@ -756,7 +756,7 @@ class AuthenticationViewSet(viewsets.ViewSet): return Response(data, status=status.HTTP_200_OK) - @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes) + @action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated]) def logout(self, request, *args, **kwargs): request.auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)