diff --git a/backend/samfundet/views.py b/backend/samfundet/views.py index f9e22be7f..1bdcbb614 100644 --- a/backend/samfundet/views.py +++ b/backend/samfundet/views.py @@ -128,12 +128,14 @@ class KeyValueView(ReadOnlyModelViewSet): # Images class ImageView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = ImageSerializer queryset = Image.objects.all().order_by('-pk') # Image tags class TagView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = TagSerializer queryset = Tag.objects.all() @@ -144,6 +146,7 @@ class TagView(ModelViewSet): class EventView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = EventSerializer queryset = Event.objects.all() @@ -176,7 +179,7 @@ def get(self, request: Request) -> Response: class EventGroupView(ModelViewSet): - http_method_names = ['get'] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = EventGroupSerializer queryset = EventGroup.objects.all() @@ -187,13 +190,14 @@ class EventGroupView(ModelViewSet): class VenueView(ModelViewSet): - permission_classes = [AllowAny] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = VenueSerializer queryset = Venue.objects.all() lookup_field = 'slug' class ClosedPeriodView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = ClosedPeriodSerializer queryset = ClosedPeriod.objects.all() @@ -210,24 +214,25 @@ def get_queryset(self) -> QuerySet: class SaksdokumentView(ModelViewSet): - permission_classes = [AllowAny] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = SaksdokumentSerializer queryset = Saksdokument.objects.all() class OrganizationView(ModelViewSet): - permission_classes = [AllowAny] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = OrganizationSerializer queryset = Organization.objects.all() class GangView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = GangSerializer queryset = Gang.objects.all() class GangTypeView(ModelViewSet): - http_method_names = ['get'] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = GangTypeSerializer queryset = GangType.objects.all() @@ -256,31 +261,37 @@ class BlogPostView(ModelViewSet): class MenuView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = MenuSerializer queryset = Menu.objects.all() class MenuItemView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = MenuItemSerializer queryset = MenuItem.objects.all() class FoodCategoryView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = FoodCategorySerializer queryset = FoodCategory.objects.all() class FoodPreferenceView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = FoodPreferenceSerializer queryset = FoodPreference.objects.all() class TableView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = TableSerializer queryset = Table.objects.all() class BookingView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = BookingSerializer queryset = Booking.objects.all() @@ -359,7 +370,7 @@ def get(self, request: Request) -> Response: class AllUsersView(ListAPIView): - permission_classes = [IsAuthenticated] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = UserSerializer queryset = User.objects.all() @@ -375,7 +386,7 @@ def post(self, request: Request) -> Response: class AllGroupsView(ListAPIView): - permission_classes = [IsAuthenticated] + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = GroupSerializer queryset = Group.objects.all() @@ -396,6 +407,7 @@ class UserPreferenceView(ModelViewSet): class ProfileView(ModelViewSet): + permission_classes = (DjangoModelPermissionsOrAnonReadOnly, ) serializer_class = ProfileSerializer queryset = Profile.objects.all()