From 6a0dc4cb10084583cb0b5c269fc2c73c8d81d12b Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Wed, 9 Sep 2020 22:27:07 +0200
Subject: [PATCH] Users can see every API page since querysets are filtered and modifications are protected
---
 apps/permission/permissions.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/permission/permissions.py b/apps/permission/permissions.py
index 03f07992..b0885e81 100644
--- a/apps/permission/permissions.py
+++ b/apps/permission/permissions.py
@@ -14,8 +14,9 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions):
 This is a simple patch of this class that controls view access.
 """
 
+ # The queryset is filtered, and permissions are more powerful than a simple check than just "can view this model"
 perms_map = {
- 'GET': ['%(app_label)s.view_%(model_name)s'],
+ 'GET': [], # ['%(app_label)s.view_%(model_name)s'],
 'OPTIONS': [],
 'HEAD': [],
 'POST': ['%(app_label)s.add_%(model_name)s'],
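Review bot: With `'GET': []` on the new `perms_map` line, a read no longer requires `view_<model>`. If this class still derives its object-level permissions from the same map, as stock DRF `DjangoObjectPermissions` does, the per-object check on GET also passes trivially, because an empty permission list is always satisfied by `has_perms`. Read confidentiality then rests entirely on each viewset's `get_queryset()` filter, which this hunk does not show; a view that uses this class with an unfiltered `queryset` attribute, or a custom action that fetches objects another way, would return every row to any authenticated user. I would state that invariant in the comment instead of keeping the old value as commented-out code, e.g. `# GET needs no model permission: every view using this class must restrict get_queryset() to rows the user may view`, and back it with a test that requests each registered list endpoint as a user holding no permissions and expects an empty result. The class body continues outside the hunk.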