From a9c91dc4795c19ef4c81602d444dabad40530e48 Mon Sep 17 00:00:00 2001 From: Ola Tarkowska Date: Mon, 20 Aug 2018 10:37:43 +0100 Subject: [PATCH 1/2] add more search fields --- emgapi/viewsets.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/emgapi/viewsets.py b/emgapi/viewsets.py index aceb75536..08d45e5e3 100644 --- a/emgapi/viewsets.py +++ b/emgapi/viewsets.py @@ -182,4 +182,6 @@ class BasePublicationGenericViewSet(viewsets.GenericViewSet): 'authors', 'doi', 'isbn', + 'pubmed_id', + 'published_year', ) From 7f49583d33a0bde5fb3d828aa339d193cdb277af Mon Sep 17 00:00:00 2001 From: Ola Tarkowska Date: Wed, 22 Aug 2018 09:59:53 +0100 Subject: [PATCH 2/2] Restrict permissions for notification --- emgapi/views.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/emgapi/views.py b/emgapi/views.py index fc3f2d6a9..7a428d939 100644 --- a/emgapi/views.py +++ b/emgapi/views.py @@ -26,7 +26,6 @@ from django.middleware import csrf from django.http import HttpResponse from django.views.decorators.clickjacking import xframe_options_exempt -from django.views.decorators.csrf import csrf_protect from django_filters.rest_framework import DjangoFilterBackend @@ -112,11 +111,10 @@ def myaccounts(self, request, pk=None): serializer = self.get_serializer(submitter, many=True) return Response(serializer.data) - @csrf_protect @list_route( methods=['get', 'post', ], serializer_class=ena_serializers.NotifySerializer, - permission_classes=[permissions.AllowAny] + permission_classes=[permissions.IsAuthenticated, emg_perms.IsSelf] ) def notify(self, request, pk=None): serializer = self.get_serializer(data=request.data) @@ -135,11 +133,10 @@ def notify(self, request, pk=None): ) return Response(serializer.errors) - @csrf_protect @list_route( methods=['get', 'post', ], serializer_class=ena_serializers.EmailSerializer, - permission_classes=[permissions.AllowAny] + permission_classes=[permissions.IsAuthenticated, emg_perms.IsSelf] ) def sendemail(self, request, pk=None): serializer = self.get_serializer(data=request.data)