From d6321588f37fcf9483ead4d063c7c6ed81687fbd Mon Sep 17 00:00:00 2001
From: allegroai <>
Date: Mon, 1 Jun 2020 11:43:55 +0300
Subject: [PATCH] Fix role checked for endpoints not requiring authorization

---
 server/bll/event/event_bll.py     | 4 +++-
 server/service_repo/validators.py | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/server/bll/event/event_bll.py b/server/bll/event/event_bll.py
index 078b2e7..e846d9b 100644
--- a/server/bll/event/event_bll.py
+++ b/server/bll/event/event_bll.py
@@ -74,7 +74,9 @@ class EventBLL(object):
         errors_per_type = defaultdict(int)
         valid_tasks = self._get_valid_tasks(
             company_id,
-            task_ids={event["task"] for event in events if event.get("task")},
+            task_ids={
+                event["task"] for event in events if event.get("task") is not None
+            },
             allow_locked_tasks=allow_locked_tasks,
         )
         for event in events:
diff --git a/server/service_repo/validators.py b/server/service_repo/validators.py
index 67629bd..50eab99 100644
--- a/server/service_repo/validators.py
+++ b/server/service_repo/validators.py
@@ -52,7 +52,7 @@ def validate_all(call: APICall, endpoint: Endpoint):
 
 def validate_role(endpoint, call):
     try:
-        if not endpoint.allows(call.identity.role):
+        if endpoint.authorize and not endpoint.allows(call.identity.role):
             raise errors.forbidden.RoleNotAllowed(role=call.identity.role, allowed=endpoint.allow_roles)
     except MissingIdentity:
         pass