From ce4b3290dc79d41e17e4c0bc627afc45eec54cb5 Mon Sep 17 00:00:00 2001
From: chapeau
Date: Mon, 3 Feb 2020 16:56:28 +0000
Subject: [PATCH] Fix api permission check
---
 api/permissions.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/api/permissions.py b/api/permissions.py
index a8c70f67..b54adf6f 100644
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -23,7 +23,7 @@
 """
 from rest_framework import permissions, exceptions
-
+from django.http import Http404
 from . import acl
@@ -273,6 +273,8 @@ class AutodetectACLPermission(permissions.BasePermission):
 # they have read permissions to see 403, or not, and simply see
 # a 404 response.
+ SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
+
 if request.method in SAFE_METHODS:
 # Read permissions already checked and failed, no need
 # to make another lookup.
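Review bot: The local `SAFE_METHODS` tuple added in `AutodetectACLPermission` lists POST, PUT, PATCH and DELETE as safe, which shadows the name Django REST framework uses for read-only methods (`permissions.SAFE_METHODS` is GET, HEAD, OPTIONS) and makes the following `if request.method in SAFE_METHODS:` true for every standard verb. If the intent is that a caller who already failed the read check gets the same answer whatever the verb, so the 403/404 difference cannot reveal whether an object exists, then state that and drop the conditional or rename the tuple, for example `# Read check failed: treat every method alike so 403 vs 404 does not disclose existence`. As written, a later reader will take this branch for a read-only guard, and any method missing from the tuple still reaches the other branch. The enclosing method starts and ends outside the hunk, so what each branch returns is not visible here. The `Http404` import added in the first hunk is also not used in the lines shown.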