0001-remove-authentication-classes-from-APIView-9812.patch
src/authentic2/api_views.py | ||
---|---|---|
326 | 326 |
router.register(r'users', UsersAPI, base_name='a2-api-users') |
327 | 327 | |
328 | 328 |
class RolesAPI(APIView): |
329 |
authentication_class = (authentication.BasicAuthentication) |
|
330 | 329 |
permission_classes = (permissions.IsAuthenticated,) |
331 | 330 | |
332 | 331 |
def initial(self, request, *args, **kwargs): |
... | ... | |
339 | 338 |
perm = 'a2_rbac.change_role' |
340 | 339 |
authorized = request.user.has_perm(perm, obj=self.role) |
341 | 340 |
if not authorized: |
342 |
raise PermissionDenied(u'User not allowed to change role')
|
|
341 |
raise PermissionDenied(u'User not allowed to change role') |
|
343 | 342 | |
344 | 343 |
def post(self, request, *args, **kwargs): |
345 | 344 |
self.role.members.add(self.member) |
346 |
- |