Logout: allow any authenticated user (instead of normal permissions).

We should always allow users to log out if they are authenticated. This
doesn't need to use the global permissions.
master
Tom Hacohen 4 years ago
parent 47f3e08846
commit c7bd01b2d1

@ -756,7 +756,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
return Response(data, status=status.HTTP_200_OK) return Response(data, status=status.HTTP_200_OK)
@action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes) @action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated])
def logout(self, request, *args, **kwargs): def logout(self, request, *args, **kwargs):
request.auth.delete() request.auth.delete()
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)

Loading…
Cancel
Save