Handle pure django users in userinfo endpoint

Any user that does not have a GregUserProfile must be a superuser so this is not a problem per se, but it should be handled. For now we simply treat them as an anonymous user and deny access. Resolves: GREG-116

Handle pure django users in userinfo endpoint
Any user that does not have a GregUserProfile must be a superuser so this is not a problem per se, but it should be handled. For now we simply treat them as an anonymous user and deny access. Resolves: GREG-116
f3bbd025 · Andreas Ellewsen · dbe6db61 · f3bbd025
Verified Commit f3bbd025 authored 3 years ago by Andreas Ellewsen
--- a/gregui/api/views/userinfo.py
+++ b/gregui/api/views/userinfo.py
@@ -39,7 +39,10 @@ class UserInfoView(APIView):

        # Authenticated user, allow access
        if user.is_authenticated:
-            user_profile = GregUserProfile.objects.get(user=user)
+            try:
+                user_profile = GregUserProfile.objects.get(user=user)
+            except GregUserProfile.DoesNotExist:
+                return Response(status=HTTP_403_FORBIDDEN)
            sponsor_id = None
            person_id = None
            if user_profile.sponsor: