From bdf6288f5ff836be14a6814c367e6bc62618b4a5 Mon Sep 17 00:00:00 2001 From: Gytha Ogg Date: Sun, 17 Nov 2024 11:40:26 +0100 Subject: [PATCH] feat(generic)!: APIS_ANON_VIEWS_ALLOWED setting BREAKING CHANGE: APIS_LIST_VIEWS_ALLOWED and APIS_DETAIL_VIEWS_ALLOWED are replaced with a single setting APIS_ANON_VIEWS_ALLOWED BREAKIING CHANGE; APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST are no longer supported. Custom managers should be used instead. fixes #1400 --- apis_core/core/mixins.py | 16 ++++------------ apis_core/generic/views.py | 16 +++++----------- docs/source/configuration.rst | 6 +++--- 3 files changed, 12 insertions(+), 26 deletions(-) diff --git a/apis_core/core/mixins.py b/apis_core/core/mixins.py index b4c78dc79..0e7c1573f 100644 --- a/apis_core/core/mixins.py +++ b/apis_core/core/mixins.py @@ -1,21 +1,13 @@ from django.conf import settings -class ListViewObjectFilterMixin: +class ViewPermissionMixin: """ - Filter a queryset of a listview using the APIS_LIST_VIEW_OBJECT_FILTER - setting if it exists. A child class has to call the `filter_queryset` - method somewhere, most likely in the `get_queryset` method. + This mixin ensures that no permissions are required for the view + if APIS_ANON_VIEWS_ALLOWED is set. """ - def filter_queryset(self, queryset): - if hasattr(super(), "filter_queryset"): - queryset = super().filter_queryset(queryset) - if hasattr(settings, "APIS_LIST_VIEW_OBJECT_FILTER"): - return settings.APIS_LIST_VIEW_OBJECT_FILTER(self, queryset) - return queryset - def get_permission_required(self): - if getattr(settings, "APIS_LIST_VIEWS_ALLOWED", False): + if getattr(settings, "APIS_ANON_VIEWS_ALLOWED", False): return [] return super().get_permission_required() diff --git a/apis_core/generic/views.py b/apis_core/generic/views.py index c0ca5d3db..c40ba5dae 100644 --- a/apis_core/generic/views.py +++ b/apis_core/generic/views.py @@ -23,7 +23,7 @@ from django_tables2.tables import table_factory from apis_core.apis_metainfo.models import Uri -from apis_core.core.mixins import ListViewObjectFilterMixin +from apis_core.core.mixins import ViewPermissionMixin from apis_core.utils.helpers import create_object_from_uri, get_importer_for_model from .filtersets import GenericFilterSet @@ -87,17 +87,9 @@ def get_template_names(self): ) return template_names - def get_permission_required(self): - if hasattr(settings, "APIS_VIEW_PASSES_TEST"): - if settings.APIS_VIEW_PASSES_TEST(self): - return [] - if hasattr(self, "permission_action_required"): - return [permission_fullname(self.permission_action_required, self.model)] - return [] - class List( - ListViewObjectFilterMixin, + ViewPermissionMixin, GenericModelMixin, PermissionRequiredMixin, SingleTableMixin, @@ -222,7 +214,9 @@ def get_table_pagination(self, table): return super().get_table_pagination(table) -class Detail(GenericModelMixin, PermissionRequiredMixin, DetailView): +class Detail( + ViewPermissionMixin, GenericModelMixin, PermissionRequiredMixin, DetailView +): """ Detail view for a generic model. Access requires the `_view` permission. diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst index 14808f54c..4cb88f4c3 100644 --- a/docs/source/configuration.rst +++ b/docs/source/configuration.rst @@ -98,15 +98,15 @@ APIS_NEXT_PREV APIS_NEXT_PREV = True -APIS_LIST_VIEWS_ALLOWED +APIS_ANON_VIEWS_ALLOWED ^^^^^^^^^^^^^^^^^^^^^^^ .. code-block:: python - APIS_LIST_VIEWS_ALLOWED = False + APIS_ANON_VIEWS_ALLOWED = False -Sets whether list views are accessible for anonymous (not logged in) users. +Sets whether list and views are accessible for anonymous (not logged in) users. APIS_DETAIL_VIEWS_ALLOWED