From 8f8841ed96465ec896684c684f98f09cf38bd04f Mon Sep 17 00:00:00 2001
From: Gytha Ogg <gythaoggscat@gmail.com>
Date: Thu, 21 Nov 2024 09:30:22 +0100
Subject: [PATCH] remove unauthorised access to update/create views

---
 apis_ontology/settings/server_settings.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apis_ontology/settings/server_settings.py b/apis_ontology/settings/server_settings.py
index 0ff92ca..b1c11af 100644
--- a/apis_ontology/settings/server_settings.py
+++ b/apis_ontology/settings/server_settings.py
@@ -70,7 +70,8 @@
 
 def apis_view_passes_test(view) -> bool:
     # Temporary hack
-    return True
+    if view.permission_action_required == "view":
+        return True
 
 
 APIS_LIST_VIEWS_ALLOWED = True