Commit 9beaf144 authored by Calum Mackervoy's avatar Calum Mackervoy

only raise PermissionDenied on POST and DELETE requests

parent 6deb29e7
Pipeline #6994 passed with stage
in 28 seconds
......@@ -39,10 +39,10 @@ class ProjectPermissions(LDPPermissions):
# other members can perform GET only
if request.method != 'GET':
raise PermissionDenied(detail='You must be an admin to perform this action')
return False
if not Member.objects.filter(user=request.user, project=obj).exists():
raise PermissionDenied(detail='You must be a member of this project to perform this action')
return False
return super().has_object_permission(request, view, obj)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment