From 7c56e3b201f1d614f7b037b5cffb0ff71033c8cf Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Tue, 19 Mar 2024 16:47:53 -0400
Subject: [PATCH] =?UTF-8?q?fix:=20don=E2=80=99t=20limit=20the=20image=20qu?=
 =?UTF-8?q?eryset=20if=20the=20method=20is=20safe?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #194
---
 program/views.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/program/views.py b/program/views.py
index 2e187cf6..0b582ac5 100644
--- a/program/views.py
+++ b/program/views.py
@@ -306,10 +306,10 @@ class APIImageViewSet(viewsets.ModelViewSet):
     pagination_class = LimitOffsetPagination
 
     def get_queryset(self):
-        """The queryset contains all the images if the requesting user is superuser, otherwise it
-        only includes the images owned by the requesting user."""
+        """The queryset contains all the images if the method is safe, otherwise it only includes
+        the images owned by the requesting user."""
 
-        if self.request.user.is_superuser:
+        if self.request.method in permissions.SAFE_METHODS:
             return Image.objects.all()
         else:
             return Image.objects.filter(owner=self.request.user.username)
-- 
GitLab