Sicherhaven
8ae97dcdc7
FeaturedEventsAPI had AllowAny permission but still called validate_token_and_get_user(), causing it to return a token-required error for unauthenticated requests from the desktop hero slider. Removed the token check entirely — the endpoint is public by design. Also tightened the queryset to event_status='published' to match ConsumerFeaturedEventsView behaviour.