feat(generic)!: APIS_ANON_VIEWS_ALLOWED setting

BREAKING CHANGE: APIS_LIST_VIEWS_ALLOWED and APIS_DETAIL_VIEWS_ALLOWED are replaced with a single setting APIS_ANON_VIEWS_ALLOWED When APIS_ANON_VIEWS_ALLOWED is set to True List views and Detail views will be open to anyone, without having to login. APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST are no longer supported. Custom managers should be used instead. fixes #1400
acdh-oeaw · Dec 17, 2024 · fddd2fd · fddd2fd
1 parent f01e7be
commit fddd2fd
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 54 deletions.
diff --git a/apis_core/core/mixins.py b/apis_core/core/mixins.py
@@ -1,21 +1,13 @@
 from django.conf import settings
 
 
-class ListViewObjectFilterMixin:
+class ViewPermissionMixin:
     """
-    Filter a queryset of a listview using the APIS_LIST_VIEW_OBJECT_FILTER
-    setting if it exists. A child class has to call the `filter_queryset`
-    method somewhere, most likely in the `get_queryset` method.
+    This mixin ensures that no permissions are required for the view
+    if APIS_ANON_VIEWS_ALLOWED is set.
     """
 
-    def filter_queryset(self, queryset):
-        if hasattr(super(), "filter_queryset"):
-            queryset = super().filter_queryset(queryset)
-        if hasattr(settings, "APIS_LIST_VIEW_OBJECT_FILTER"):
-            return settings.APIS_LIST_VIEW_OBJECT_FILTER(self, queryset)
-        return queryset
-
     def get_permission_required(self):
-        if getattr(settings, "APIS_LIST_VIEWS_ALLOWED", False):
+        if getattr(settings, "APIS_ANON_VIEWS_ALLOWED", False):
             return []
         return super().get_permission_required()
diff --git a/apis_core/generic/views.py b/apis_core/generic/views.py
@@ -23,7 +23,6 @@
 from django_tables2.tables import table_factory
 
 from apis_core.apis_metainfo.models import Uri
-from apis_core.core.mixins import ListViewObjectFilterMixin
 from apis_core.utils.helpers import create_object_from_uri, get_importer_for_model
 
 from .filtersets import GenericFilterSet
@@ -88,16 +87,15 @@ def get_template_names(self):
         return template_names
 
     def get_permission_required(self):
-        if hasattr(settings, "APIS_VIEW_PASSES_TEST"):
-            if settings.APIS_VIEW_PASSES_TEST(self):
-                return []
+        if getattr(settings, "APIS_ANON_VIEWS_ALLOWED", True):
+            return []
+
         if hasattr(self, "permission_action_required"):
             return [permission_fullname(self.permission_action_required, self.model)]
         return []
 
 
 class List(
-    ListViewObjectFilterMixin,
     GenericModelMixin,
     PermissionRequiredMixin,
     SingleTableMixin,
@@ -205,13 +203,6 @@ def get_filterset(self, filterset_class):
 
         return filterset
 
-    def get_queryset(self):
-        queryset_methods = module_paths(
-            self.model, path="querysets", suffix="ListViewQueryset"
-        )
-        queryset = first_member_match(queryset_methods) or (lambda x: x)
-        return self.filter_queryset(queryset(self.model.objects.all()))
-
     def get_table_pagination(self, table):
         """
         Override `get_table_pagination` from the tables2 TableMixinBase,

diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst
@@ -98,42 +98,15 @@ APIS_NEXT_PREV
     APIS_NEXT_PREV = True
 
 
-APIS_LIST_VIEWS_ALLOWED
+APIS_ANON_VIEWS_ALLOWED
 ^^^^^^^^^^^^^^^^^^^^^^^
 
 .. code-block:: python
 
-    APIS_LIST_VIEWS_ALLOWED = False
+    APIS_ANON_VIEWS_ALLOWED = False
 
 
-Sets whether list views are accessible for anonymous (not logged in) users.
-
-
-APIS_DETAIL_VIEWS_ALLOWED
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. code-block:: python
-    
-    APIS_DETAIL_VIEWS_ALLOWED - False
-
-
-Sets whether detail views are accessible for anonymous (note logged in) users.
-
-APIS_VIEW_PASSES_TEST
-^^^^^^^^^^^^^^^^^^^^^
-
-Allows to define a function that receives the view as an argument - including
-e.g. the `request` object - and can perform checks on any of the views
-attributes. The function can, based on these checks, return a boolean which
-decides if the request is successful or leads to a 403 permission denied.
-
-APIS_LIST_VIEW_OBJECT_FILTER
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Allows to define a function that receives the view - including e.g. the
-`request` object - and a queryset and can do custom filtering on that queryset.
-This can be used to set the listviews to public using the
-`APIS_LIST_VIEWS_ALLOWED` setting, but still only list specific entities.
+Sets whether list and views are accessible for anonymous (not logged in) users.
 
 
 Maintenance Middleware