Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork7k
fix anonymous access for DjangoModelPermissionsOrAnonReadOnly#9315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Is it possible to add some tests to verify this? |
Yes. I've included them in the latest commit |
tomchristie commentedMar 21, 2024 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Superseeded by#9332, which instead outright reverts the change. |
WillNilges commentedSep 11, 2024
👋🏻 Hey there, apologies for the necrobump, but my project was looking forward to the fix from#8009 for release 3.15 so that we can point back at mainline. Are there any plans to merge this/can we re-open this PR? |
This pull request fixes anonymous read-only access for the
DjangoModelPermissionsOrAnonReadOnlyclass inpermissions.pyas mentioned in issue#9299.If the user is authenticated, it will run the the
has_permissionmethod defined inDjangoModelPermissionssince it's the parent class. If the user is not authenticated, then the user will have permissiononly if the method is safe. (GET, HEAD, or OPTIONS)