From 837e2b530a1d12fa799e0faf78915c974ffd2737 Mon Sep 17 00:00:00 2001
From: phzhik
Date: Thu, 30 May 2024 20:58:13 +0400
Subject: [PATCH] * Make API schema visible only for admins
---
 poizonstore/urls.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/poizonstore/urls.py b/poizonstore/urls.py
index 5d28fae..dd41d82 100644
--- a/poizonstore/urls.py
+++ b/poizonstore/urls.py
@@ -17,9 +17,11 @@ Including another URLconf
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
+from django.contrib.auth.decorators import permission_required
 from django.urls import path, include
 from drf_spectacular.views import SpectacularAPIView, SpectacularRedocView
+from account.permissions import IsAdmin
 urlpatterns = [
 path('admin/', admin.site.urls),
@@ -31,8 +33,7 @@ urlpatterns = [
 + static(settings.STATIC_URL)
 # API schema
-if settings.DEBUG:
- urlpatterns += [
- path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
- path('api/redoc/', SpectacularRedocView.as_view(url_name='schema'), name='redoc'),
- ]
+urlpatterns += [
+ path('api/schema/', permission_required([IsAdmin])(SpectacularAPIView.as_view()), name='schema'),
+ path('api/redoc/', permission_required([IsAdmin])(SpectacularRedocView.as_view(url_name='schema')), name='redoc'),
+]
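Review bot: `permission_required([IsAdmin])` in the two new `path(...)` entries never evaluates `IsAdmin`: Django's `permission_required` expects permission strings such as `'app_label.codename'` and hands them to `user.has_perms()`, so a class object in that list can only pass for an active superuser, and every other request is redirected to `LOGIN_URL`. If `account.permissions.IsAdmin` is a DRF permission class (its definition is not part of this patch), the decorator also runs before DRF authentication, so admins who authenticate through DRF authentication classes rather than the Django session are treated as anonymous. Because these routes are no longer limited to `settings.DEBUG`, the gate belongs on the views themselves, e.g. `path('api/schema/', SpectacularAPIView.as_view(permission_classes=[IsAdmin]), name='schema'),` and likewise for `SpectacularRedocView`, or via `SERVE_PERMISSIONS` in `SPECTACULAR_SETTINGS`; the `permission_required` import added in the first hunk then becomes unused. A test asserting that anonymous and non-admin requests to `api/schema/` and `api/redoc/` are rejected would keep the restriction from regressing.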