Merge pull request #111 from taigaio/issue/1183-anonymous-users-api-get-error-500

Fix issue 1183: Now anonymous user can get project and take the correct ...
2014-10-08 14:00:54 +02:00 · 2014-10-08 14:00:54 +02:00 · 2a9a7676af
parent c7c52b8e97 1cf6777799
commit 2a9a7676af
1 changed files with 1 additions and 1 deletions
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@ -50,7 +50,7 @@ class MembersFilterBackend(BaseFilterBackend):
        if project_id:
            Project = apps.get_model('projects', 'Project')
            project = get_object_or_404(Project, pk=project_id)
-            if project.memberships.filter(user=request.user).exists() or project.owner == request.user:
+            if request.user.is_authenticated() and (project.memberships.filter(user=request.user).exists() or project.owner == request.user):
                return queryset.filter(Q(memberships__project=project) | Q(id=project.owner.id)).distinct()
            else:
                raise exc.PermissionDenied(_("You don't have permisions to see this project users."))