API V3: change permissions to allow anonymous access to public resources #11485
if self.name: | ||
return self.name |
If there is a name, that should always take precedence.
Otherwise, we end with something like Projects None
https://app.readthedocs.org/api/v3/projects/stsewd-demo/superproject/
I ran into this while working on sync-versions, and glad to see it fixed :)
This looks like a great refactor to me. I had a few questions, but overall it looks solid.
# Any other action is read-only. | ||
else: | ||
permission_classes = [ReadOnlyPermission] | ||
return [permission() for permission in permission_classes] |
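Review bot: The catch-all `else` branch assigns `ReadOnlyPermission` to every action not named in the branches above it, so the safety of any action added to this viewset later depends on `ReadOnlyPermission` rejecting unsafe HTTP methods rather than on the action name. Its definition is not part of this hunk; if it checks `request.method`, a short comment here saying so, plus a test that an anonymous POST to one of these actions is rejected, would keep the fall-through failing closed.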
Interesting that you need to instantiate them.
@@ -238,7 +252,7 @@ class SubprojectRelationshipViewSet( | |||
model = ProjectRelationship | |||
lookup_field = "alias" | |||
lookup_url_kwarg = "alias_slug" | |||
queryset = ProjectRelationship.objects.all() | |||
permission_classes = [ReadOnlyPermission | (IsAuthenticated & IsProjectAdmin)] |
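Review bot: With `ReadOnlyPermission` on the left of the `|` in `permission_classes`, unauthenticated reads now reach this viewset while the class-level `queryset` is still `ProjectRelationship.objects.all()`, so the only thing keeping relationships of private projects out of anonymous responses is the filtering done in `get_queryset`, which this hunk does not show. Worth a test that an anonymous GET for a subproject of a private project returns 404, so a later override of `get_queryset` cannot silently fall back to the unfiltered class attribute.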
Why do we need this defined when we have the permissions set up in the APIv3Settings object?
APIv3Settings no longer has a default permission class; each view needs to explicitly declare the permissions. This is because each view requires different permissions.
.api
to filter resources by the current user, if anything extra is needed, each view can override the queryset.

Ref readthedocs/ext-theme#154
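How the composed permission from the diff and the per-user queryset filtering described above fit together, as an added example that is not code from this pull request. It is a simplified Python model that composes instances instead of using DRF's class-level operators; the permission bodies, `visible`, `outcome` and the sample projects are assumptions.

```python
# Added example: simplified stand-ins, not DRF or Read the Docs code.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Constructed sample data; user names and project slugs are made up.
PROJECTS = {
    "docs": {"public": True, "admins": {"maintainer"}},
    "internal": {"public": False, "admins": {"maintainer"}},
}

class Perm:
    """Base class: `a | b` and `a & b` build a combined check."""
    def __or__(self, other):
        return Combined(any, self, other)
    def __and__(self, other):
        return Combined(all, self, other)

class Combined(Perm):
    def __init__(self, fold, *parts):
        self.fold, self.parts = fold, parts
    def allows(self, method, user, project):
        return self.fold(p.allows(method, user, project) for p in self.parts)

class ReadOnlyPermission(Perm):  # assumed: passes safe HTTP methods only
    def allows(self, method, user, project):
        return method in SAFE_METHODS

class IsAuthenticated(Perm):  # user=None models an anonymous request
    def allows(self, method, user, project):
        return user is not None

class IsProjectAdmin(Perm):  # assumed: user is an admin of the project
    def allows(self, method, user, project):
        return user in project["admins"]

POLICY = ReadOnlyPermission() | (IsAuthenticated() & IsProjectAdmin())

def visible(user):
    """Queryset layer: public projects plus those the user administers."""
    return {s for s, p in PROJECTS.items() if p["public"] or user in p["admins"]}

def outcome(method, slug, user=None):
    """Permission check first, then the per-user queryset filter."""
    if not POLICY.allows(method, user, PROJECTS[slug]):
        return "denied"
    return "ok" if slug in visible(user) else "hidden"
```

The `hidden` case is the one the permission classes cannot catch: an anonymous GET passes `ReadOnlyPermission` for a private project, and only the queryset filter keeps it out of the response.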