From 9cad5d62e1518502ca149d77a8c254fba98eff89 Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Fri, 9 Oct 2020 13:10:41 +0300
Subject: [PATCH] Account: change Dashboard URL endpoint's permissions.

We only want to require that the account is authenticated, not the rest of
the permissions. As we want to be able to get a dashboard url for accounts
that aren't currently valid.
---
 django_etebase/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/django_etebase/views.py b/django_etebase/views.py
index d421e43..8c55366 100644
--- a/django_etebase/views.py
+++ b/django_etebase/views.py
@@ -30,6 +30,7 @@ from rest_framework.response import Response
 from rest_framework.parsers import JSONParser, FormParser, MultiPartParser
 from rest_framework.renderers import BrowsableAPIRenderer
 from rest_framework.exceptions import AuthenticationFailed
+from rest_framework.permissions import IsAuthenticated
 
 import nacl.encoding
 import nacl.signing
@@ -783,7 +784,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
 
         return Response({}, status=status.HTTP_200_OK)
 
-    @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
+    @action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated])
     def dashboard_url(self, request, *args, **kwargs):
         get_dashboard_url = app_settings.DASHBOARD_URL_FUNC
         if get_dashboard_url is None: