From 6365e0c63e974b54824a2ef7c1fba7edd90908d3 Mon Sep 17 00:00:00 2001
From: Jan Tuomi <jan.tuomi@eficode.com>
Date: Tue, 12 Mar 2019 15:16:59 +0200
Subject: [PATCH] Allow POST requests to event API

---
 webapp/views.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/webapp/views.py b/webapp/views.py
index 1b70e31..c04e11f 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -34,6 +34,14 @@ class IsPostOrIsAuthenticated(permissions.BasePermission):
         return request.user and request.user.is_authenticated
 
 
+class IsPostOrReadOnlyOrAuthenticated(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if request.method in ['POST', 'GET']:
+            return True
+
+        return request.user and request.user.is_authenticated
+
+
 # -- REST API -- #
 class RootView(routers.APIRootView):
     permission_classes = [IsAuthenticatedOrReadOnly]
@@ -42,7 +50,7 @@ class RootView(routers.APIRootView):
 class EventViewSet(viewsets.ModelViewSet):
     queryset = Event.objects.all()
     serializer_class = EventSerializer
-    permission_classes = [IsAuthenticatedOrReadOnly]
+    permission_classes = [IsPostOrReadOnlyOrAuthenticated]
     filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
     filter_fields = '__all__'
     search_fields = '__all__'