From 052d9770ceb1a31f98f45876b1701584b693932c Mon Sep 17 00:00:00 2001
From: Oliver <oliver.henry.walters@gmail.com>
Date: Fri, 25 Mar 2022 16:39:43 +1100
Subject: [PATCH] Override view permissions for plugin list API

- It is necessary for *any* logged in user to view this endpoint
- This is how the user determines which plugins are available (e.g. for label printing!)
---
 InvenTree/plugin/api.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/InvenTree/plugin/api.py b/InvenTree/plugin/api.py
index 9ab3b96724..15eefff286 100644
--- a/InvenTree/plugin/api.py
+++ b/InvenTree/plugin/api.py
@@ -9,6 +9,7 @@ from django.conf.urls import url, include
 
 from rest_framework import generics
 from rest_framework import status
+from rest_framework import permissions
 from rest_framework.response import Response
 
 from common.api import GlobalSettingsPermissions
@@ -22,6 +23,11 @@ class PluginList(generics.ListAPIView):
     - GET: Return a list of all PluginConfig objects
     """
 
+    # Allow any logged in user to read this endpoint
+    # This is necessary to allow certain functionality,
+    # e.g. determining which label printing plugins are available 
+    permission_classes = [permissions.IsAuthenticated]
+
     serializer_class = PluginSerializers.PluginConfigSerializer
     queryset = PluginConfig.objects.all()