Commit 10e68410 authored by Bengfort's avatar Bengfort
Browse files

allow API access for logged in users

makes the "browsable API" useful

see https://www.django-rest-framework.org/topics/browsable-api/
parent e420ca26
Pipeline #10761 passed with stages
in 2 minutes and 21 seconds
......@@ -138,7 +138,9 @@ class InvitationUpdateView(UpdateView):
class TokenPermission(BasePermission):
def has_permission(self, request, view):
return request.headers.get('Authorization') == 'token ' + settings.API_TOKEN
token = request.headers.get('Authorization') == 'token ' + settings.API_TOKEN
is_authenticated = bool(request.user and request.user.is_authenticated)
return token or is_authenticated
class InvitationApiView(APIView):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment