Fix permission check on operations

The original code was too restrictive and didn't allow some users to trigger pull/push. Signed-off-by: Michal Čihař <michal@cihar.com>

Fix permission check on operations
The original code was too restrictive and didn't allow some users to trigger pull/push. Signed-off-by: Michal Čihař <michal@cihar.com>
71af2d18 · Michal Čihař · 8302042f · 71af2d18
Commit 71af2d18 authored Mar 25, 2016 by Michal Čihař
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

weblate/api/views.py weblate/api/views.py +3 -3

No files found.
--- a/weblate/api/views.py
+++ b/weblate/api/views.py
@@ -106,9 +106,6 @@ class WeblateViewSet(viewsets.ReadOnlyModelViewSet):
        else:
            project = obj

-        if not can_see_repository_status(request.user, project):
-            raise PermissionDenied()
-
        if request.method == 'POST':
            serializer = RepoRequestSerializer(data=request.data)
            serializer.is_valid(raise_exception=True)
@@ -117,6 +114,9 @@ class WeblateViewSet(viewsets.ReadOnlyModelViewSet):
                request, obj, project, serializer.validated_data['operation']
            )

+        if not can_see_repository_status(request.user, project):
+            raise PermissionDenied()
+
        return Response(
            data={
                'needs_commit': obj.repo_needs_commit(),