From e34a2941cfcf3d6419bf61508c3b283648efbd27 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Fri, 24 Apr 2020 09:47:30 +0200
Subject: [PATCH] [common][permissions] Improve IsAuthor permission

IsAuthor requires that the user be authenticated so
use the corresponding base class.
---
 beat/web/common/permissions.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/beat/web/common/permissions.py b/beat/web/common/permissions.py
index 05081b8e8..6c15d5840 100644
--- a/beat/web/common/permissions.py
+++ b/beat/web/common/permissions.py
@@ -27,21 +27,26 @@
 
 from rest_framework import permissions
 
+
 class IsSuperuser(permissions.BasePermission):
     """
     Global permission check for super user
     """
+
     def has_permission(self, request, view):
         return request.user.is_superuser
 
 
-class IsAuthor(permissions.BasePermission):
+class IsAuthor(permissions.IsAuthenticated):
     """
     Global permission check that verify if the user
     is also the onwer of the asked data
     """
 
     def has_permission(self, request, view):
-        kwargs = request.parser_context.get('kwargs')
-        author_name = kwargs.get('author_name')
-        return request.user.username == author_name
+        allowed = super().has_permission(request, view)
+        if allowed:
+            kwargs = request.parser_context.get("kwargs")
+            author_name = kwargs.get("author_name")
+            allowed = request.user.username == author_name
+        return allowed
-- 
GitLab