Commit f42ffe1c authored by Calum Mackervoy's avatar Calum Mackervoy Committed by Jean-Baptiste Pasquier

anonymous user check in has_object_permissions

parent 3e3a767c
......@@ -28,6 +28,10 @@ class ProjectPermissions(LDPPermissions):
def has_object_permission(self, request, view, obj):
from .models import Member
# anonymous users have no rights
if request.user.is_anonymous and not request.method == 'OPTIONS':
return False
# admins have full permissions
if is_user_admin_of_project(request.user, obj):
return True
......@@ -62,6 +66,10 @@ class ProjectMemberPermissions(LDPPermissions):
return super().has_permission(request, view)
def has_object_permission(self, request, view, obj):
# anonymous users have no rights
if request.user.is_anonymous and not request.method == 'OPTIONS':
return False
# admins have full permissions
if is_user_admin_of_project(request.user, obj.project):
if request.method == 'DELETE':
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment