Fix: remove unnecessary permission requirements for new email endpoint (#11215)

2025-12-16 01:31:09 -06:00 · 2025-10-29 07:14:51 -07:00
parent 3f32ed319a
commit b60fb8ed82
3 changed files with 54 additions and 1 deletions
--- a/src/documents/permissions.py
+++ b/src/documents/permissions.py
@@ -164,6 +164,24 @@ def has_perms_owner_aware(user, perms, obj):
    return obj.owner is None or obj.owner == user or checker.has_perm(perms, obj)


+class ViewDocumentsPermissions(BasePermission):
+    """
+    Permissions class that checks for model permissions for only viewing Documents.
+    """
+
+    perms_map = {
+        "OPTIONS": ["documents.view_document"],
+        "GET": ["documents.view_document"],
+        "POST": ["documents.view_document"],
+    }
+
+    def has_permission(self, request, view):
+        if not request.user or (not request.user.is_authenticated):  # pragma: no cover
+            return False
+
+        return request.user.has_perms(self.perms_map.get(request.method, []))
+
+
 class PaperlessNotePermissions(BasePermission):
    """
    Permissions class that checks for model permissions for Notes.