diff --git a/apis_core/core/mixins.py b/apis_core/core/mixins.py deleted file mode 100644 index b4c78dc79..000000000 --- a/apis_core/core/mixins.py +++ /dev/null @@ -1,21 +0,0 @@ -from django.conf import settings - - -class ListViewObjectFilterMixin: - """ - Filter a queryset of a listview using the APIS_LIST_VIEW_OBJECT_FILTER - setting if it exists. A child class has to call the `filter_queryset` - method somewhere, most likely in the `get_queryset` method. - """ - - def filter_queryset(self, queryset): - if hasattr(super(), "filter_queryset"): - queryset = super().filter_queryset(queryset) - if hasattr(settings, "APIS_LIST_VIEW_OBJECT_FILTER"): - return settings.APIS_LIST_VIEW_OBJECT_FILTER(self, queryset) - return queryset - - def get_permission_required(self): - if getattr(settings, "APIS_LIST_VIEWS_ALLOWED", False): - return [] - return super().get_permission_required() diff --git a/apis_core/generic/views.py b/apis_core/generic/views.py index c0ca5d3db..2aa409bb7 100644 --- a/apis_core/generic/views.py +++ b/apis_core/generic/views.py @@ -23,7 +23,6 @@ from django_tables2.tables import table_factory from apis_core.apis_metainfo.models import Uri -from apis_core.core.mixins import ListViewObjectFilterMixin from apis_core.utils.helpers import create_object_from_uri, get_importer_for_model from .filtersets import GenericFilterSet @@ -88,16 +87,16 @@ def get_template_names(self): return template_names def get_permission_required(self): - if hasattr(settings, "APIS_VIEW_PASSES_TEST"): - if settings.APIS_VIEW_PASSES_TEST(self): - return [] + if getattr(self, "permission_action_required", None) == "view" and getattr( + settings, "APIS_ANON_VIEWS_ALLOWED", False + ): + return [] if hasattr(self, "permission_action_required"): return [permission_fullname(self.permission_action_required, self.model)] return [] class List( - ListViewObjectFilterMixin, GenericModelMixin, PermissionRequiredMixin, SingleTableMixin, @@ -205,13 +204,6 @@ def get_filterset(self, filterset_class): return filterset - def get_queryset(self): - queryset_methods = module_paths( - self.model, path="querysets", suffix="ListViewQueryset" - ) - queryset = first_member_match(queryset_methods) or (lambda x: x) - return self.filter_queryset(queryset(self.model.objects.all())) - def get_table_pagination(self, table): """ Override `get_table_pagination` from the tables2 TableMixinBase, diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst index 14808f54c..16e6291ef 100644 --- a/docs/source/configuration.rst +++ b/docs/source/configuration.rst @@ -98,42 +98,16 @@ APIS_NEXT_PREV APIS_NEXT_PREV = True -APIS_LIST_VIEWS_ALLOWED +APIS_ANON_VIEWS_ALLOWED ^^^^^^^^^^^^^^^^^^^^^^^ .. code-block:: python - APIS_LIST_VIEWS_ALLOWED = False + APIS_ANON_VIEWS_ALLOWED = False -Sets whether list views are accessible for anonymous (not logged in) users. - - -APIS_DETAIL_VIEWS_ALLOWED -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. code-block:: python - - APIS_DETAIL_VIEWS_ALLOWED - False - - -Sets whether detail views are accessible for anonymous (note logged in) users. - -APIS_VIEW_PASSES_TEST -^^^^^^^^^^^^^^^^^^^^^ - -Allows to define a function that receives the view as an argument - including -e.g. the `request` object - and can perform checks on any of the views -attributes. The function can, based on these checks, return a boolean which -decides if the request is successful or leads to a 403 permission denied. - -APIS_LIST_VIEW_OBJECT_FILTER -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Allows to define a function that receives the view - including e.g. the -`request` object - and a queryset and can do custom filtering on that queryset. -This can be used to set the listviews to public using the -`APIS_LIST_VIEWS_ALLOWED` setting, but still only list specific entities. +Sets whether list and detail views are accessible for anonymous (not logged in) users. +If only a subset of the data should be exposed to the anonymous user, use custom managers. Maintenance Middleware