From 283141a3c7dc17a4f7dcf1c1feefe40abb18c80b Mon Sep 17 00:00:00 2001
From: Binod Pant <bpant@edx.org>
Date: Fri, 15 Apr 2022 13:29:11 -0400
Subject: [PATCH] fix: Make SAMLConfiguration viewset readonly (#247)

The ony use is a GET request in admin portal so this view need not be post/put friendly right now.
It may actually get removed in an upcoming iteration, or stay readonly.

Fixes: SEC-1418
---
 common/djangoapps/third_party_auth/saml_configuration/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/djangoapps/third_party_auth/saml_configuration/views.py b/common/djangoapps/third_party_auth/saml_configuration/views.py
index 093717b296..aa051aac7f 100644
--- a/common/djangoapps/third_party_auth/saml_configuration/views.py
+++ b/common/djangoapps/third_party_auth/saml_configuration/views.py
@@ -16,7 +16,7 @@ class SAMLConfigurationMixin:
     serializer_class = SAMLConfigurationSerializer
 
 
-class SAMLConfigurationViewSet(SAMLConfigurationMixin, viewsets.ModelViewSet):
+class SAMLConfigurationViewSet(SAMLConfigurationMixin, viewsets.ReadOnlyModelViewSet):
     """
     A View to handle SAMLConfiguration GETs