Fixed api permissions

This commit is contained in:
Antoine Bartuccio 2016-08-07 20:52:53 +02:00
parent 2822d947d9
commit 8e8ee808b5

View File

@ -24,7 +24,7 @@ class RightManagedModelViewSet(viewsets.ModelViewSet):
try:
if (request.method == 'GET' and can_view(obj, user)):
return res
elif (request.method == 'PUSH' and can_edit(obj, user)):
elif (request.method != 'GET' and can_edit(obj, user)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied