From ef6ebcdcf4e442841fe5932113451e4feb4321ad Mon Sep 17 00:00:00 2001
From: Jon
Date: Mon, 16 Jun 2025 16:22:47 +0930
Subject: [PATCH] fix(access): Ensure that if method not allowed, exception is thrown first before perms check ref: #833
---
 app/access/mixins/permissions.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/app/access/mixins/permissions.py b/app/access/mixins/permissions.py
index 0da023f7..890fe2b0 100644
--- a/app/access/mixins/permissions.py
+++ b/app/access/mixins/permissions.py
@@ -110,6 +110,12 @@ class OrganizationPermissionMixin(
 raise centurion_exceptions.NotAuthenticated()
+
+ if request.method not in view.allowed_methods:
+
+ raise centurion_exceptions.MethodNotAllowed(method = request.method)
+
+
 try:
 if (
@@ -153,12 +159,7 @@ class OrganizationPermissionMixin(
 has_permission_required: bool = permission_required in user_permissions
- if request.method not in view.allowed_methods:
-
- raise centurion_exceptions.MethodNotAllowed(method = request.method)
-
-
- elif not has_permission_required and not request.user.is_superuser:
+ if not has_permission_required and not request.user.is_superuser:
 raise centurion_exceptions.PermissionDenied()
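Review bot: The method check added after `raise centurion_exceptions.NotAuthenticated()` now sits before the `try:` that follows, while the branch removed in the second hunk appears to have run inside it. The `except` clauses are outside both hunks, so confirm that none of them previously translated or logged `MethodNotAllowed`, because that handling no longer applies to it. The new ordering is also an access-control decision and deserves a comment above the check, for example `# Runs after authentication but before the permission lookup: an authenticated user without the permission gets 405, anonymous callers still get NotAuthenticated`. A regression test for #833 asserting that an authenticated user lacking the permission receives 405 on an unsupported method, and that an anonymous request still receives NotAuthenticated, would pin this order. The enclosing method starts and ends outside the hunks.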