From effe6727b5b78c5bc7f21b9f56dd51add66d55c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B4mulo=20Penido?=
Date: Thu, 12 Oct 2023 10:00:38 -0300
Subject: [PATCH] fix: add permission check
---
 openedx_tagging/core/tagging/rest_api/v1/views.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/openedx_tagging/core/tagging/rest_api/v1/views.py b/openedx_tagging/core/tagging/rest_api/v1/views.py
index 11259888..d7251286 100644
--- a/openedx_tagging/core/tagging/rest_api/v1/views.py
+++ b/openedx_tagging/core/tagging/rest_api/v1/views.py
@@ -208,6 +208,9 @@ def export(self, request, **_kwargs) -> HttpResponse:
 Export a taxonomy.
 """
 taxonomy = self.get_object()
+ perm = "oel_tagging.export_taxonomy"
+ if not request.user.has_perm(perm, taxonomy):
+ raise PermissionDenied("You do not have permission to export this taxonomy.")
 query_params = TaxonomyExportQueryParamsSerializer(
 data=request.query_params.dict()
 )
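Review bot: The new authorization gate in `export` lands without a regression test: the diffstat shows only views.py changed, so nothing pins that a user lacking `oel_tagging.export_taxonomy` gets a 403 and no export body. A test that requests the export as such a user and asserts the status would keep the check from being dropped in a later refactor. The hunk adds no import, so `PermissionDenied` must already be in scope; confirm whether it is the DRF or the Django class, because with the Django one the custom message may not reach the response, depending on the DRF version. A one-line comment above the check, such as `# Object-level check; needs the taxonomy, so it runs after get_object()`, would record why it sits inline in the action. The body of `export` starts and ends outside the hunk.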