Merge pull request #11341 from antkryt/hotfix/ENG-9064

[ENG-9064] When creating file guid through API, needs to work for people with read perms

Author: brianjgeiger

api/files/views.py

@@ -30,7 +30,6 @@
     FileDetailSerializer,
     FileVersionSerializer,
 )
-from osf.utils.permissions import ADMIN
 
 
 class FileMixin:
@@ -87,11 +86,11 @@ def get_target(self):
 
     # overrides RetrieveAPIView
     def get_object(self):
-        user = utils.get_user_auth(self.request).user
         file = self.get_file()
 
         if self.request.GET.get('create_guid', False):
-            if (self.get_target().has_permission(user, ADMIN) and utils.has_admin_scope(self.request)):
+            auth = utils.get_user_auth(self.request)
+            if self.get_target().can_view(auth):
                 file.get_guid(create=True)
 
         # We normally would pass this through `get_file` as an annotation, but the `select_for_update` feature prevents