[Fixes #9842] Extra metadata endpoint return 403 even if the user has…

… view perms
GeoNode · Aug 10, 2022 · d576d6c · d576d6c
1 parent 5643163
commit d576d6c
Showing 1 changed file with 6 additions and 17 deletions.
diff --git a/geonode/base/api/views.py b/geonode/base/api/views.py
@@ -358,10 +358,7 @@ def favorites(self, request, pk=None):
                    description="API endpoint allowing to retrieve the favorite Resources.")
     @action(detail=True, methods=['post', 'delete'], permission_classes=[IsAuthenticated])
     def favorite(self, request, pk=None):
-        resource = ResourceBase.objects.filter(pk=pk)
-        if not resource.exists():
-            raise NotFound
-        resource = resource.first()
+        resource = self.get_object()
         user = request.user
 
         if request.method == 'POST':
@@ -562,10 +559,7 @@ def resource_service_permissions(self, request, pk=None):
 
         """
         config = Configuration.load()
-        resource = ResourceBase.objects.filter(pk=pk)
-        if not resource.exists():
-            raise NotFound
-        resource = resource.first()
+        resource = self.get_object()
         _user_can_manage = request.user.has_perm('change_resourcebase_permissions', resource.get_self_resource())
         if config.read_only or config.maintenance or request.user.is_anonymous or not request.user.is_authenticated or \
                 resource is None or not _user_can_manage:
@@ -1182,10 +1176,7 @@ def resource_service_copy(self, request, pk=None):
             IsAuthenticatedOrReadOnly, UserHasPerms
         ])
     def ratings(self, request, pk=None):
-        resource = ResourceBase.objects.filter(pk=pk)
-        if not resource.exists():
-            raise NotFound
-        resource = resource.first()
+        resource = self.get_object()
         resource = resource.get_real_instance()
         ct = ContentType.objects.get_for_model(resource)
         if request.method == 'POST':
@@ -1306,11 +1297,9 @@ def set_thumbnail(self, request, pk=None):
         url_path=r"extra_metadata",  # noqa
         url_name="extra-metadata",
     )
-    def extra_metadata(self, request, pk=None):
-        _obj = ResourceBase.objects.filter(pk=pk)
-        if not _obj.exists():
-            raise NotFound
-        _obj = _obj.first()
+    def extra_metadata(self, request, pk):
+        _obj = get_object_or_404(ResourceBase, pk=pk)
+
         if request.method == "GET":
             # get list of available metadata
             queryset = _obj.metadata.all()