Logout: allow any authenticated user (instead of normal permissions).

We should always allow users to log out if they are authenticated. This doesn't need to use the global permissions.
4 years ago · c7bd01b2d1
parent 47f3e08846
commit c7bd01b2d1
1 changed files with 1 additions and 1 deletions
--- a/django_etebase/views.py
+++ b/django_etebase/views.py
@ -756,7 +756,7 @@ class AuthenticationViewSet(viewsets.ViewSet):

        return Response(data, status=status.HTTP_200_OK)

-    @action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
+    @action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated])
    def logout(self, request, *args, **kwargs):
        request.auth.delete()
        user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)