request.user.is_anonymous checks in some Viewsets might be dead code #2463
Description
Summary
See this diff for places in the Viewset code where there is a branch in the get_queryset method (or somewhere else) that guards against not request.user.is_anonymous, even though the main View class has a IsAuthenticated permissions class.
So it's not clear if this code is necessary since the View should be immediately returning an error and not even get to the point where it makes a query to fulfill the request.
I also added another note about the CustomPermissions class (which is used in the Django options as a default permissions class) that looks like dead code as well, since there are no Views that I can find that leave their permissions_classes field empty, but that might requirer a closer look to confirm.
Category
Select one: Tech debt