steffo/sophon
steffo/sophon
1
Fork 0
mirror of https://github.com/Steffo99/sophon.git synced 2024-12-22 06:44:21 +00:00
Code Activity

🐛 Properly return 401 in custom actions

Browse source
This commit is contained in:
Steffo 2021-10-29 01:15:20 +02:00
parent 363d1568b1
commit 154d187b11
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
backend/sophon/core/views.py
View file

@ -262,6 +262,9 @@ class ResearchGroupViewSet(WriteSophonViewSet):
"""
group = models.ResearchGroup.objects.get(pk=pk)
if self.request.user.is_anonymous:
return Response(status=s.HTTP_401_UNAUTHORIZED)
# Raise an error if the group doesn't allow member joins
if group.access != "OPEN":
return Response(status=s.HTTP_403_FORBIDDEN)
@ -283,6 +286,9 @@ class ResearchGroupViewSet(WriteSophonViewSet):
"""
group = models.ResearchGroup.objects.get(pk=pk)
if self.request.user.is_anonymous:
return Response(status=s.HTTP_401_UNAUTHORIZED)
# Raise an error if the user is the owner of the group
if self.request.user == group.owner:
return Response(status=s.HTTP_403_FORBIDDEN)