[RFC PATCH 06/19] WIP: REST: Change permissions for '/people', '/users'
Stephen Finucane
stephen at that.guru
Thu Aug 12 07:36:52 AEST 2021
This needs to be versioned. It's the correct thing to do though.
Signed-off-by: Stephen Finucane <stephen at that.guru>
---
patchwork/api/person.py | 4 ++--
patchwork/api/user.py | 5 ++++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git patchwork/api/person.py patchwork/api/person.py
index c806c0dd..59d74a56 100644
--- patchwork/api/person.py
+++ patchwork/api/person.py
@@ -6,7 +6,7 @@
from rest_framework.serializers import HyperlinkedModelSerializer
from rest_framework.generics import ListAPIView
from rest_framework.generics import RetrieveAPIView
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import IsAuthenticatedOrReadOnly
from patchwork.api.embedded import UserSerializer
from patchwork.models import Person
@@ -27,7 +27,7 @@ class PersonSerializer(HyperlinkedModelSerializer):
class PersonMixin(object):
- permission_classes = (IsAuthenticated,)
+ permission_classes = (IsAuthenticatedOrReadOnly,)
serializer_class = PersonSerializer
def get_queryset(self):
diff --git patchwork/api/user.py patchwork/api/user.py
index 4ea2322e..d629a7aa 100644
--- patchwork/api/user.py
+++ patchwork/api/user.py
@@ -84,7 +84,10 @@ class UserDetailSerializer(UserListSerializer):
class UserMixin(object):
queryset = User.objects.all()
- permission_classes = (permissions.IsAuthenticated, IsOwnerOrReadOnly)
+ permission_classes = (
+ permissions.IsAuthenticatedOrReadOnly,
+ IsOwnerOrReadOnly,
+ )
class UserList(UserMixin, ListAPIView):
--
2.31.1
More information about the Patchwork
mailing list