From 7840af8fe2187d20c69586599940ab16ac5c3a60 Mon Sep 17 00:00:00 2001
From: phzhik <phzhitnikov@gmail.com>
Date: Mon, 10 Jul 2023 20:27:03 +0400
Subject: [PATCH] * Disallow anonymous users to list Checklists

---
 store/views.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/store/views.py b/store/views.py
index cafb7b6..6f80322 100644
--- a/store/views.py
+++ b/store/views.py
@@ -76,6 +76,7 @@ class ChecklistAPI(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.Retrie
         if self.request.user.is_authenticated:
             return ChecklistSerializer
 
+        # Anonymous users can edit only a certain set of fields
         return AnonymousUserChecklistSerializer
 
     def get_permissions(self):
@@ -107,6 +108,11 @@ class ChecklistAPI(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.Retrie
     def get(self, request, *args, **kwargs):
         if 'id' in kwargs:
             return self.retrieve(request, *args, **kwargs)
+
+        if not request.user.is_authenticated:
+            # Anonymous users can't list checklists
+            return Response([])
+
         return self.list(request, *args, **kwargs)
 
     def patch(self, request, *args, **kwargs):