Skip to content

Commit

Permalink
🛂 allow creating/updating via api also with regular authentication, n…
Browse files Browse the repository at this point in the history
…ot just tokens

otherwise, we'd have to generate a token for our frontend
  • Loading branch information
krmax44 committed Nov 18, 2024
1 parent 7519879 commit 1f42757
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions froide/foirequest/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -366,6 +366,8 @@ class CreateOnlyWithScopePermission(TokenHasScope):
def has_permission(self, request, view):
if view.action not in ("create", "update"):
return True
if not request.user.is_authenticated:
return False
if request.user.is_authenticated and request.auth is None:
# allow api use with session authentication
# see https://www.django-rest-framework.org/api-guide/authentication/#sessionauthentication
return True
return super().has_permission(request, view)

0 comments on commit 1f42757

Please sign in to comment.