_ignore_model_permissions is ignoring users authentication too
#8771
Answered
by
auvipy
dennybiasiolli
asked this question in
Potential Issue
-
|
Partially referring to this issue: #8425 In def has_permission(self, request, view):
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, '_ignore_model_permissions', False):
return True
if not request.user or (
not request.user.is_authenticated and self.authenticated_users_only):
return False
queryset = self._queryset(view)
perms = self.get_required_permissions(request.method, queryset.model)
return request.user.has_perms(perms)In my opinion it should be def has_permission(self, request, view):
if not request.user or (
not request.user.is_authenticated and self.authenticated_users_only):
return False
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, '_ignore_model_permissions', False):
return True
queryset = self._queryset(view)
perms = self.get_required_permissions(request.method, queryset.model)
return request.user.has_perms(perms)So checking for authentication before checking for the What do you think about that? |
Beta Was this translation helpful? Give feedback.
Answered by
auvipy
Nov 28, 2022
Replies: 1 comment
Answer selected by
auvipy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
c0d95cb