From c30ce471c2536955dab66ce956943a2117afe0e1 Mon Sep 17 00:00:00 2001
From: vabene1111 <vabene1234@googlemail.com>
Date: Thu, 28 Jan 2021 14:41:00 +0100
Subject: [PATCH] api permissions + shopping list on mobile

---
 cookbook/templates/shopping_list.html | 8 ++++----
 cookbook/views/api.py                 | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cookbook/templates/shopping_list.html b/cookbook/templates/shopping_list.html
index 1c01f4e46..8e7be0684 100644
--- a/cookbook/templates/shopping_list.html
+++ b/cookbook/templates/shopping_list.html
@@ -137,11 +137,11 @@
 
 
             <div class="row">
-                <div class="col col-md-3">
+                <div class="col-12 col-lg-3">
                     <input class="form-control" type="number" placeholder="{% trans 'Amount' %}"
                            v-model="new_entry.amount" ref="new_entry_amount">
                 </div>
-                <div class="col col-md-4">
+                <div class="col-12 col-lg-4">
                     <multiselect
                             v-tabindex
                             ref="unit"
@@ -163,7 +163,7 @@
                             @search-change="searchUnits">
                     </multiselect>
                 </div>
-                <div class="col col-md-4">
+                <div class="col-12 col-lg-4">
                     <multiselect
                             v-tabindex
                             ref="food"
@@ -186,7 +186,7 @@
                     </multiselect>
                 </div>
 
-                <div class="col col-md-1 my-auto text-right">
+                <div class="col-12 col-lg-1 my-auto text-right">
                     <button class="btn btn-success btn-lg" @click="addEntry()"><i class="fa fa-plus"></i>
                     </button>
                 </div>
diff --git a/cookbook/views/api.py b/cookbook/views/api.py
index 0c5730791..fafbe1b36 100644
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -399,7 +399,7 @@ def get_external_file_link(request, recipe_id):
     return HttpResponse(recipe.link)
 
 
-@group_required('user')
+@group_required('guest')
 def get_recipe_file(request, recipe_id):
     recipe = Recipe.objects.get(id=recipe_id)
     # if not recipe.cors_link:
@@ -522,6 +522,7 @@ def recipe_from_url(request):
     return get_from_html(response.text, url)
 
 
+@group_required('admin')
 def get_backup(request):
     if not request.user.is_superuser:
         return HttpResponse('', status=403)