
[RFC,06/19] WIP: REST: Change permissions for '/people', '/users'

Message ID 20210811213705.36293-7-stephen@that.guru
State RFC
Series Integrate Bulma | expand

Commit Message

Stephen Finucane Aug. 11, 2021, 9:36 p.m. UTC
This needs to be versioned. It's the correct thing to do though.

Signed-off-by: Stephen Finucane <stephen@that.guru>
---
 patchwork/api/person.py | 4 ++--
 patchwork/api/user.py   | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

Patch

diff --git patchwork/api/person.py patchwork/api/person.py
index c806c0dd..59d74a56 100644
--- patchwork/api/person.py
+++ patchwork/api/person.py
@@ -6,7 +6,7 @@ 
 from rest_framework.serializers import HyperlinkedModelSerializer
 from rest_framework.generics import ListAPIView
 from rest_framework.generics import RetrieveAPIView
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import IsAuthenticatedOrReadOnly
 
 from patchwork.api.embedded import UserSerializer
 from patchwork.models import Person
@@ -27,7 +27,7 @@  class PersonSerializer(HyperlinkedModelSerializer):
 
 class PersonMixin(object):
 
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (IsAuthenticatedOrReadOnly,)
     serializer_class = PersonSerializer
 
     def get_queryset(self):
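Review bot: With `IsAuthenticatedOrReadOnly` on `PersonMixin`, every safe-method request to the person views is now answered for anonymous clients, so whatever `PersonSerializer` emits becomes public. Its field list is outside this hunk; if it includes e-mail addresses, they become readable in bulk without an account. The same question applies to the serializers behind `UserMixin` in patchwork/api/user.py. I would record the intent next to the attribute, e.g. `# Read access is intentionally public; PersonSerializer must only expose fields safe for anonymous clients.`, and add an API test that pins which fields an unauthenticated GET returns. `get_queryset` continues outside the hunk.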
diff --git patchwork/api/user.py patchwork/api/user.py
index 4ea2322e..d629a7aa 100644
--- patchwork/api/user.py
+++ patchwork/api/user.py
@@ -84,7 +84,10 @@  class UserDetailSerializer(UserListSerializer):
 class UserMixin(object):
 
     queryset = User.objects.all()
-    permission_classes = (permissions.IsAuthenticated, IsOwnerOrReadOnly)
+    permission_classes = (
+        permissions.IsAuthenticatedOrReadOnly,
+        IsOwnerOrReadOnly,
+    )
 
 
 class UserList(UserMixin, ListAPIView):
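Review bot: `queryset = User.objects.all()` is left unfiltered, so once anonymous reads are permitted the list view will serve every account row to unauthenticated callers, presumably including inactive accounts. `IsOwnerOrReadOnly` is defined outside this hunk; if it passes safe methods, as its name suggests, nothing in `UserMixin` limits what an anonymous client can enumerate. Consider restricting the queryset or the serialized fields when `request.user` is not authenticated, and state the decision in a comment above `permission_classes`, e.g. `# Anonymous clients get read-only access; serializers must not expose private profile fields.`. The body of `UserList` lies outside the hunk.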