API/Organizer: Allow Device-Token access to Organizer settings; expose mf0aes_random_uid (#5326)

src/pretix/api/serializers/organizer.py

@@ -484,6 +484,7 @@ class OrganizerSettingsSerializer(SettingsSerializer):
         'reusable_media_type_nfc_mf0aes',
         'reusable_media_type_nfc_mf0aes_autocreate_giftcard',
         'reusable_media_type_nfc_mf0aes_autocreate_giftcard_currency',
+        'reusable_media_type_nfc_mf0aes_random_uid',
     ]
 
     def __init__(self, *args, **kwargs):

src/pretix/api/views/organizer.py

@@ -546,7 +546,8 @@ class DeviceViewSet(mixins.CreateModelMixin,
 
 
 class OrganizerSettingsView(views.APIView):
-    permission = 'can_change_organizer_settings'
+    permission = None
+    write_permission = 'can_change_organizer_settings'
 
     def get(self, request, *args, **kwargs):
         s = OrganizerSettingsSerializer(instance=request.organizer.settings, organizer=request.organizer, context={