Verified Commit 29890c46 authored by Sébastiaan Versteeg's avatar Sébastiaan Versteeg
Browse files

Do not require events api authentication for open data

parent cbe59f6c
......@@ -140,16 +140,19 @@ class EventRetrieveSerializer(serializers.ModelSerializer):
def _user_registration(self, instance):
try:
reg = instance.registration_set.get(
member=self.context['request'].member)
return RegistrationAdminListSerializer(reg,
context=self.context).data
if self.context['request'].member:
reg = instance.registration_set.get(
member=self.context['request'].member)
return RegistrationAdminListSerializer(
reg, context=self.context).data
except Registration.DoesNotExist:
return None
pass
return None
def _registration_allowed(self, instance):
member = self.context['request'].member
return (member.has_active_membership and
return (self.context['request'].user.is_authenticated and
member.has_active_membership and
member.can_attend_events)
def _has_fields(self, instance):
......
......@@ -36,7 +36,7 @@ class EventViewset(viewsets.ReadOnlyModelViewSet):
and enables ordering on the event start/end.
"""
queryset = Event.objects.filter(published=True)
permission_classes = [IsAuthenticated]
permission_classes = [IsAuthenticatedOrReadOnly]
filter_backends = (filters.OrderingFilter,)
ordering_fields = ('start', 'end')
......@@ -67,7 +67,8 @@ class EventViewset(viewsets.ReadOnlyModelViewSet):
def get_serializer_context(self):
return super().get_serializer_context()
@action(detail=True, methods=['get', 'post'])
@action(detail=True, methods=['get', 'post'],
permission_classes=(IsAuthenticated,))
def registrations(self, request, pk):
"""
Defines a custom route for the event's registrations,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment