From 993c299cc872a5b9deddfc33c8502cab0721982a Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Wed, 30 Aug 2023 16:08:39 +0200
Subject: [PATCH] Fix permission check in API

---
 aleksis/apps/kort/api.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/aleksis/apps/kort/api.py b/aleksis/apps/kort/api.py
index ceaad65..f9f9d11 100644
--- a/aleksis/apps/kort/api.py
+++ b/aleksis/apps/kort/api.py
@@ -8,7 +8,7 @@ from oauth2_provider.oauth2_backends import get_oauthlib_core
 from oauthlib.common import Request as OauthlibRequest
 from rest_framework import generics, serializers
 from rest_framework.authentication import BaseAuthentication
-from rest_framework.exceptions import APIException, ValidationError
+from rest_framework.exceptions import APIException, PermissionDenied, ValidationError
 from rest_framework.permissions import BasePermission
 from rest_framework.response import Response
 from rest_framework.views import APIView
@@ -133,6 +133,8 @@ class CardPrinterDetails(generics.RetrieveAPIView):
 
     def get_object(self):
         token = self.request.auth
+        if not token:
+            raise PermissionDenied()
         return token.client.card_printers.all().first()
 
 
-- 
GitLab