Restrict modifications to admin users

Signed-off-by: Keshav Priyadarshi <[email protected]>

Author: keshav-space

vulnerabilities/api_v2.py

@@ -710,11 +710,16 @@ class PipelineScheduleV2ViewSet(CreateListRetrieveUpdateViewSet):
     serializer_class = PipelineScheduleAPISerializer
     lookup_field = "pipeline_id"
     lookup_value_regex = r"[\w.]+"
-    # permission_classes = [IsAdminUser]
 
     def get_serializer_class(self):
         if self.action == "create":
             return PipelineScheduleCreateSerializer
         elif self.action == "update":
             return PipelineScheduleUpdateSerializer
         return super().get_serializer_class()
+
+    def get_permissions(self):
+        """Restrict modifications to admin users."""
+        if self.action not in ["list", "retrieve"]:
+            return [IsAdminUser()]
+        return super().get_permissions()