Logout: allow any authenticated user (instead of normal permissions).

We should always allow users to log out if they are authenticated. This
doesn't need to use the global permissions.
This commit is contained in:
Tom Hacohen 2020-10-13 12:09:29 +03:00
parent 47f3e08846
commit c7bd01b2d1

View File

@ -756,7 +756,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
return Response(data, status=status.HTTP_200_OK)
@action_decorator(detail=False, methods=['POST'], permission_classes=BaseViewSet.permission_classes)
@action_decorator(detail=False, methods=['POST'], permission_classes=[IsAuthenticated])
def logout(self, request, *args, **kwargs):
request.auth.delete()
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)