From eb350686c1f5a461088036fd457b0eea47ad8881 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Vironm=C3=A4ki?=
Date: Thu, 14 Apr 2016 23:22:28 +0300
Subject: [PATCH] Superuser validation fixed for this version of Tastypie
---
 api/permissions.py | 15 +++++++++++++--
 userprofile/api.py | 2 +-
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/api/permissions.py b/api/permissions.py
index 5ef3e4ac4..37eaf0b8e 100644
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -1,10 +1,21 @@
 from tastypie.authorization import Authorization
+from tastypie.exceptions import Unauthorized
 class SuperuserAuthorization(Authorization):
-
+
+ # This implementation is supported only in versions 0.9.11 and below...
+ """
 def is_authorized(self, request, object=None):
 return request.user.is_superuser
 def apply_limits(self, request, object_list):
- return object_list
+ return object_list"""
+
+ # Implementation in versions 0.9.12 and up.
+ def read_list(self, object_list, bundle):
+ # Is the person who made the request, superuser?
+ if bundle.request.user.is_superuser:
+ return object_list
+ else:
+ raise Unauthorized("Sorry, only VIP.")
diff --git a/userprofile/api.py b/userprofile/api.py
index 7fd0f4917..7d6245217 100644
--- a/userprofile/api.py
+++ b/userprofile/api.py
@@ -3,7 +3,6 @@ from api.permissions import SuperuserAuthorization
 from userprofile.models import UserProfile
-
 class UserProfileResource(ModelResource):
 def dehydrate(self, bundle):
@@ -27,4 +26,5 @@ class Meta:
 # In this version of the API only superusers are allowed to access
 # userprofile objects
 allowed_methods = ['get']
+ authorization = SuperuserAuthorization()
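Review bot: The new `read_list` in `SuperuserAuthorization` guards only the list endpoint; `read_detail` is not overridden, and in Tastypie 0.9.12+ the base `Authorization` class allows it by default, so a non-superuser who is refused the list could still be served a single userprofile on a resource whose `allowed_methods` includes `get`. The same superuser check belongs in `read_detail`, and in the inherited `create_detail`/`update_detail`/`delete_detail` hooks too if this class is ever attached to a resource that permits writes (worth confirming against the installed Tastypie version). Separately, the disabled 0.9.11 code is kept as a triple-quoted string, which makes it the class docstring; removing it and relying on version control for the history would be cleaner. A sketch of the read-side fix follows.

```python
class SuperuserAuthorization(Authorization):
    # … unchanged: disabled pre-0.9.12 implementation …

    def _require_superuser(self, bundle):
        # Deny unless the requesting user is a superuser.
        if not bundle.request.user.is_superuser:
            raise Unauthorized("Sorry, only VIP.")

    def read_list(self, object_list, bundle):
        self._require_superuser(bundle)
        return object_list

    def read_detail(self, object_list, bundle):
        self._require_superuser(bundle)
        return True
```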