From d38ae6138f5fb744646ad6efacb68af4a7187050 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Thu, 9 Aug 2018 15:22:04 +0200
Subject: [PATCH] api: accept signed calls to /api/users/ without user (#25619)

---
 wcs/backoffice/management.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wcs/backoffice/management.py b/wcs/backoffice/management.py
index 777afe55..d4984300 100644
--- a/wcs/backoffice/management.py
+++ b/wcs/backoffice/management.py
@@ -749,7 +749,9 @@ class ManagementDirectory(Directory):
 
     def get_global_listing_criterias(self):
         parsed_values = {}
-        user_roles = [logged_users_role().id] + (get_request().user.roles or [])
+        user_roles = [logged_users_role().id]
+        if get_request().user and get_request().user.roles:
+            user_roles.extend(get_request().user.roles)
         criterias = get_global_criteria(get_request(), parsed_values)
         query_parameters = (get_request().form or {}).copy()
         query_parameters.pop('callback', None) # when using jsonp
-- 
2.18.0