feat(generic)!: APIS_ANON_VIEWS_ALLOWED setting

BREAKING CHANGE: APIS_LIST_VIEWS_ALLOWED and APIS_DETAIL_VIEWS_ALLOWED are replaced with a single setting APIS_ANON_VIEWS_ALLOWED BREAKIING CHANGE; APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST are no longer supported. Custom managers should be used instead. fixes #1400
acdh-oeaw · Dec 17, 2024 · bdf6288 · bdf6288
1 parent f01e7be
commit bdf6288
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 26 deletions.
diff --git a/apis_core/core/mixins.py b/apis_core/core/mixins.py
@@ -1,21 +1,13 @@
 from django.conf import settings
 
 
-class ListViewObjectFilterMixin:
+class ViewPermissionMixin:
     """
-    Filter a queryset of a listview using the APIS_LIST_VIEW_OBJECT_FILTER
-    setting if it exists. A child class has to call the `filter_queryset`
-    method somewhere, most likely in the `get_queryset` method.
+    This mixin ensures that no permissions are required for the view
+    if APIS_ANON_VIEWS_ALLOWED is set.
     """
 
-    def filter_queryset(self, queryset):
-        if hasattr(super(), "filter_queryset"):
-            queryset = super().filter_queryset(queryset)
-        if hasattr(settings, "APIS_LIST_VIEW_OBJECT_FILTER"):
-            return settings.APIS_LIST_VIEW_OBJECT_FILTER(self, queryset)
-        return queryset
-
     def get_permission_required(self):
-        if getattr(settings, "APIS_LIST_VIEWS_ALLOWED", False):
+        if getattr(settings, "APIS_ANON_VIEWS_ALLOWED", False):
             return []
         return super().get_permission_required()
diff --git a/apis_core/generic/views.py b/apis_core/generic/views.py
@@ -23,7 +23,7 @@
 from django_tables2.tables import table_factory
 
 from apis_core.apis_metainfo.models import Uri
-from apis_core.core.mixins import ListViewObjectFilterMixin
+from apis_core.core.mixins import ViewPermissionMixin
 from apis_core.utils.helpers import create_object_from_uri, get_importer_for_model
 
 from .filtersets import GenericFilterSet
@@ -87,17 +87,9 @@ def get_template_names(self):
         )
         return template_names
 
-    def get_permission_required(self):
-        if hasattr(settings, "APIS_VIEW_PASSES_TEST"):
-            if settings.APIS_VIEW_PASSES_TEST(self):
-                return []
-        if hasattr(self, "permission_action_required"):
-            return [permission_fullname(self.permission_action_required, self.model)]
-        return []
-
 
 class List(
-    ListViewObjectFilterMixin,
+    ViewPermissionMixin,
     GenericModelMixin,
     PermissionRequiredMixin,
     SingleTableMixin,
@@ -222,7 +214,9 @@ def get_table_pagination(self, table):
         return super().get_table_pagination(table)
 
 
-class Detail(GenericModelMixin, PermissionRequiredMixin, DetailView):
+class Detail(
+    ViewPermissionMixin, GenericModelMixin, PermissionRequiredMixin, DetailView
+):
     """
     Detail view for a generic model.
     Access requires the `<model>_view` permission.

diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst
@@ -98,15 +98,15 @@ APIS_NEXT_PREV
     APIS_NEXT_PREV = True
 
 
-APIS_LIST_VIEWS_ALLOWED
+APIS_ANON_VIEWS_ALLOWED
 ^^^^^^^^^^^^^^^^^^^^^^^
 
 .. code-block:: python
 
-    APIS_LIST_VIEWS_ALLOWED = False
+    APIS_ANON_VIEWS_ALLOWED = False
 
 
-Sets whether list views are accessible for anonymous (not logged in) users.
+Sets whether list and views are accessible for anonymous (not logged in) users.
 
 
 APIS_DETAIL_VIEWS_ALLOWED