Commit dafcd674 authored by Jean-Baptiste Pasquier's avatar Jean-Baptiste Pasquier

Merge branch 'permissions-anon-users' into 'master'

anonymous user check in has_object_permissions

See merge request !23
parents 3e3a767c f42ffe1c
Pipeline #6762 passed with stage
in 27 seconds
......@@ -28,6 +28,10 @@ class ProjectPermissions(LDPPermissions):
def has_object_permission(self, request, view, obj):
from .models import Member
# anonymous users have no rights
if request.user.is_anonymous and not request.method == 'OPTIONS':
return False
# admins have full permissions
if is_user_admin_of_project(request.user, obj):
return True
......@@ -62,6 +66,10 @@ class ProjectMemberPermissions(LDPPermissions):
return super().has_permission(request, view)
def has_object_permission(self, request, view, obj):
# anonymous users have no rights
if request.user.is_anonymous and not request.method == 'OPTIONS':
return False
# admins have full permissions
if is_user_admin_of_project(request.user, obj.project):
if request.method == 'DELETE':
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment