From b225c32a2b05954a3b648dba2cc6b68efe1f02d0 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Tue, 28 Jul 2020 11:22:23 +0200
Subject: [PATCH] raising permissiondenied

---
 rowers/serializers.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rowers/serializers.py b/rowers/serializers.py
index 00bc396b..25fdc7f2 100644
--- a/rowers/serializers.py
+++ b/rowers/serializers.py
@@ -170,7 +170,10 @@ class WorkoutSerializer(serializers.ModelSerializer):
 
     def create(self, validated_data):
         print(validated_data)
-        r = Rower.objects.get(user=self.context['request'].user)
+        if self.context['request'].user.is_authenticated:
+            r = Rower.objects.get(user=self.context['request'].user)
+        else:
+            raise PermissionDenied("Not allowed")
         d = validated_data['date']
         t = validated_data['starttime']
         rowdatetime = datetime.datetime(d.year,