Skip to content

Commit

Permalink
feat(generic)!: APIS_ANON_VIEWS_ALLOWED setting
Browse files Browse the repository at this point in the history
BREAKING CHANGE: APIS_LIST_VIEWS_ALLOWED and APIS_DETAIL_VIEWS_ALLOWED
are replaced with a single setting APIS_ANON_VIEWS_ALLOWED
BREAKIING CHANGE; APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST
are no longer supported. Custom managers should be used instead.

fixes #1400
  • Loading branch information
gythaogg committed Dec 17, 2024
1 parent f01e7be commit 98bbea5
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 28 deletions.
16 changes: 4 additions & 12 deletions apis_core/core/mixins.py
Original file line number Diff line number Diff line change
@@ -1,21 +1,13 @@
from django.conf import settings


class ListViewObjectFilterMixin:
class ViewPermissionMixin:
"""
Filter a queryset of a listview using the APIS_LIST_VIEW_OBJECT_FILTER
setting if it exists. A child class has to call the `filter_queryset`
method somewhere, most likely in the `get_queryset` method.
This mixin ensures that no permissions are required for the view
if APIS_ANON_VIEWS_ALLOWED is set.
"""

def filter_queryset(self, queryset):
if hasattr(super(), "filter_queryset"):
queryset = super().filter_queryset(queryset)
if hasattr(settings, "APIS_LIST_VIEW_OBJECT_FILTER"):
return settings.APIS_LIST_VIEW_OBJECT_FILTER(self, queryset)
return queryset

def get_permission_required(self):
if getattr(settings, "APIS_LIST_VIEWS_ALLOWED", False):
if getattr(settings, "APIS_ANON_VIEWS_ALLOWED", False):
return []
return super().get_permission_required()
18 changes: 5 additions & 13 deletions apis_core/generic/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@

from dal import autocomplete
from django import forms, http
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.core.exceptions import ImproperlyConfigured
Expand All @@ -23,7 +22,7 @@
from django_tables2.tables import table_factory

from apis_core.apis_metainfo.models import Uri
from apis_core.core.mixins import ListViewObjectFilterMixin
from apis_core.core.mixins import ViewPermissionMixin
from apis_core.utils.helpers import create_object_from_uri, get_importer_for_model

from .filtersets import GenericFilterSet
Expand All @@ -38,7 +37,6 @@
first_member_match,
generate_search_filter,
module_paths,
permission_fullname,
template_names_via_mro,
)
from .tables import GenericTable
Expand Down Expand Up @@ -87,17 +85,9 @@ def get_template_names(self):
)
return template_names

def get_permission_required(self):
if hasattr(settings, "APIS_VIEW_PASSES_TEST"):
if settings.APIS_VIEW_PASSES_TEST(self):
return []
if hasattr(self, "permission_action_required"):
return [permission_fullname(self.permission_action_required, self.model)]
return []


class List(
ListViewObjectFilterMixin,
ViewPermissionMixin,
GenericModelMixin,
PermissionRequiredMixin,
SingleTableMixin,
Expand Down Expand Up @@ -222,7 +212,9 @@ def get_table_pagination(self, table):
return super().get_table_pagination(table)


class Detail(GenericModelMixin, PermissionRequiredMixin, DetailView):
class Detail(
ViewPermissionMixin, GenericModelMixin, PermissionRequiredMixin, DetailView
):
"""
Detail view for a generic model.
Access requires the `<model>_view` permission.
Expand Down
6 changes: 3 additions & 3 deletions docs/source/configuration.rst
Original file line number Diff line number Diff line change
Expand Up @@ -98,15 +98,15 @@ APIS_NEXT_PREV
APIS_NEXT_PREV = True
APIS_LIST_VIEWS_ALLOWED
APIS_ANON_VIEWS_ALLOWED
^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
APIS_LIST_VIEWS_ALLOWED = False
APIS_ANON_VIEWS_ALLOWED = False
Sets whether list views are accessible for anonymous (not logged in) users.
Sets whether list and views are accessible for anonymous (not logged in) users.


APIS_DETAIL_VIEWS_ALLOWED
Expand Down

0 comments on commit 98bbea5

Please sign in to comment.