From 0369deb72d0585d079dd7ba385964a8c5a99308d Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Thu, 27 Sep 2018 10:01:57 +0200
Subject: [PATCH] Fix permission for access to root event resource

---
 src/pretix/api/auth/permission.py | 2 +-
 src/tests/api/test_permissions.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/pretix/api/auth/permission.py b/src/pretix/api/auth/permission.py
index c8bb2529a..353446df8 100644
--- a/src/pretix/api/auth/permission.py
+++ b/src/pretix/api/auth/permission.py
@@ -75,7 +75,7 @@ class EventCRUDPermission(EventPermission):
             return False
         elif view.action == 'destroy' and 'can_change_event_settings' not in request.eventpermset:
             return False
-        elif view.action in ['retrieve', 'update', 'partial_update'] \
+        elif view.action in ['update', 'partial_update'] \
                 and 'can_change_event_settings' not in request.eventpermset:
             return False
 
diff --git a/src/tests/api/test_permissions.py b/src/tests/api/test_permissions.py
index db5792101..4f59915e5 100644
--- a/src/tests/api/test_permissions.py
+++ b/src/tests/api/test_permissions.py
@@ -6,6 +6,7 @@ from django.test import override_settings
 from pretix.base.models import Organizer
 
 event_urls = [
+    (None, ''),
     (None, 'categories/'),
     ('can_view_orders', 'invoices/'),
     (None, 'items/'),