fix: add permission check

openedx · Oct 12, 2023 · effe672 · effe672
1 parent 04233cb
commit effe672
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/openedx_tagging/core/tagging/rest_api/v1/views.py b/openedx_tagging/core/tagging/rest_api/v1/views.py
@@ -208,6 +208,9 @@ def export(self, request, **_kwargs) -> HttpResponse:
         Export a taxonomy.
         """
         taxonomy = self.get_object()
+        perm = "oel_tagging.export_taxonomy"
+        if not request.user.has_perm(perm, taxonomy):
+            raise PermissionDenied("You do not have permission to export this taxonomy.")
         query_params = TaxonomyExportQueryParamsSerializer(
             data=request.query_params.dict()
         )