bypass temporaire des acl de l'api

2024-11-22 11:23:10 +00:00 · 2020-11-28 12:06:32 +01:00 · 2020-11-28 12:06:32 +01:00 · e863179907
commit e863179907
parent 935249bebd
1 changed files with 7 additions and 3 deletions
--- a/api/permissions.py
+++ b/api/permissions.py
@ -62,7 +62,7 @@ def _get_param_in_view(view, param_name):
        "cannot apply {} on a view that does not set "
        "`.{}` or have a `.get_{}()` method."
    ).format(
-        self.__class__.__name__, param_name, param_name
+        view.__class__.__name__, param_name, param_name
    )

    if hasattr(view, "get_" + param_name):
@ -239,6 +239,9 @@ class AutodetectACLPermission(permissions.BasePermission):
        if getattr(view, "_ignore_model_permissions", False):
            return True

+        if not getattr(view, "queryset", None):
+            return True
+
        if not request.user or not request.user.is_authenticated:
            return False

@ -273,7 +276,8 @@ class AutodetectACLPermission(permissions.BasePermission):
            # they have read permissions to see 403, or not, and simply see
            # a 404 response.

-            SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
+            SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
+                            "POST", "PUT", "PATCH", "DELETE")

            if request.method in SAFE_METHODS:
                # Read permissions already checked and failed, no need