Skip to content

Commit

Permalink
feat(generic)!: APIS_ANON_VIEWS_ALLOWED setting
Browse files Browse the repository at this point in the history
BREAKING CHANGE: APIS_LIST_VIEWS_ALLOWED and APIS_DETAIL_VIEWS_ALLOWED
are replaced with a single setting APIS_ANON_VIEWS_ALLOWED
When APIS_ANON_VIEWS_ALLOWED is set to True List views and Detail views
will be open to anyone, without having to login.
APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST
are no longer supported. Custom managers should be used instead.

fixes #1400
  • Loading branch information
gythaogg committed Dec 17, 2024
1 parent f01e7be commit e2a2770
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 63 deletions.
21 changes: 0 additions & 21 deletions apis_core/core/mixins.py

This file was deleted.

16 changes: 4 additions & 12 deletions apis_core/generic/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@
from django_tables2.tables import table_factory

from apis_core.apis_metainfo.models import Uri
from apis_core.core.mixins import ListViewObjectFilterMixin
from apis_core.utils.helpers import create_object_from_uri, get_importer_for_model

from .filtersets import GenericFilterSet
Expand Down Expand Up @@ -88,16 +87,16 @@ def get_template_names(self):
return template_names

def get_permission_required(self):
if hasattr(settings, "APIS_VIEW_PASSES_TEST"):
if settings.APIS_VIEW_PASSES_TEST(self):
return []
if getattr(self, "permission_action_required", None) == "view" and getattr(
settings, "APIS_ANON_VIEWS_ALLOWED", False
):
return []
if hasattr(self, "permission_action_required"):
return [permission_fullname(self.permission_action_required, self.model)]
return []


class List(
ListViewObjectFilterMixin,
GenericModelMixin,
PermissionRequiredMixin,
SingleTableMixin,
Expand Down Expand Up @@ -205,13 +204,6 @@ def get_filterset(self, filterset_class):

return filterset

def get_queryset(self):
queryset_methods = module_paths(
self.model, path="querysets", suffix="ListViewQueryset"
)
queryset = first_member_match(queryset_methods) or (lambda x: x)
return self.filter_queryset(queryset(self.model.objects.all()))

def get_table_pagination(self, table):
"""
Override `get_table_pagination` from the tables2 TableMixinBase,
Expand Down
33 changes: 3 additions & 30 deletions docs/source/configuration.rst
Original file line number Diff line number Diff line change
Expand Up @@ -98,42 +98,15 @@ APIS_NEXT_PREV
APIS_NEXT_PREV = True
APIS_LIST_VIEWS_ALLOWED
APIS_ANON_VIEWS_ALLOWED
^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
APIS_LIST_VIEWS_ALLOWED = False
APIS_ANON_VIEWS_ALLOWED = False
Sets whether list views are accessible for anonymous (not logged in) users.


APIS_DETAIL_VIEWS_ALLOWED
^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: python
APIS_DETAIL_VIEWS_ALLOWED - False
Sets whether detail views are accessible for anonymous (note logged in) users.

APIS_VIEW_PASSES_TEST
^^^^^^^^^^^^^^^^^^^^^

Allows to define a function that receives the view as an argument - including
e.g. the `request` object - and can perform checks on any of the views
attributes. The function can, based on these checks, return a boolean which
decides if the request is successful or leads to a 403 permission denied.

APIS_LIST_VIEW_OBJECT_FILTER
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Allows to define a function that receives the view - including e.g. the
`request` object - and a queryset and can do custom filtering on that queryset.
This can be used to set the listviews to public using the
`APIS_LIST_VIEWS_ALLOWED` setting, but still only list specific entities.
Sets whether list and views are accessible for anonymous (not logged in) users.


Maintenance Middleware
Expand Down

0 comments on commit e2a2770

Please sign in to comment.