From 56807765730bbcebc5bb79402c88d16720a0e3cb Mon Sep 17 00:00:00 2001 From: Oksamies Date: Mon, 24 Jun 2024 17:52:49 +0300 Subject: [PATCH] Fix existing Cyberstorm views permission classes --- django/thunderstore/api/cyberstorm/tests/test_team.py | 4 ++-- django/thunderstore/api/cyberstorm/views/community.py | 3 ++- .../api/cyberstorm/views/community_filters.py | 2 ++ .../thunderstore/api/cyberstorm/views/community_list.py | 3 ++- django/thunderstore/api/cyberstorm/views/markdown.py | 3 +++ .../thunderstore/api/cyberstorm/views/package_listing.py | 2 ++ .../api/cyberstorm/views/package_listing_list.py | 2 ++ .../api/cyberstorm/views/package_version_list.py | 2 ++ django/thunderstore/api/cyberstorm/views/team.py | 8 +++----- 9 files changed, 20 insertions(+), 9 deletions(-) diff --git a/django/thunderstore/api/cyberstorm/tests/test_team.py b/django/thunderstore/api/cyberstorm/tests/test_team.py index 0c8e73e63..fdc417ec1 100644 --- a/django/thunderstore/api/cyberstorm/tests/test_team.py +++ b/django/thunderstore/api/cyberstorm/tests/test_team.py @@ -57,13 +57,13 @@ def test_team_api_view__for_inactive_team__returns_404( @pytest.mark.django_db -def test_team_membership_permission__for_unauthenticated_user__returns_401( +def test_team_membership_permission__for_no_user__returns_403( api_client: APIClient, team: Team, ): response = api_client.get(f"/api/cyberstorm/team/{team.name}/member/") - assert response.status_code == 401 + assert response.status_code == 403 @pytest.mark.django_db diff --git a/django/thunderstore/api/cyberstorm/views/community.py b/django/thunderstore/api/cyberstorm/views/community.py index e505dbd36..6f92f68cd 100644 --- a/django/thunderstore/api/cyberstorm/views/community.py +++ b/django/thunderstore/api/cyberstorm/views/community.py @@ -1,4 +1,5 @@ from rest_framework.generics import RetrieveAPIView +from rest_framework.permissions import AllowAny from thunderstore.api.cyberstorm.serializers import CyberstormCommunitySerializer from thunderstore.api.utils import CyberstormAutoSchemaMixin @@ -8,7 +9,7 @@ class CommunityAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView): lookup_url_kwarg = "community_id" lookup_field = "identifier" - permission_classes = [] + permission_classes = [AllowAny] # Unlisted communities are included, as direct links to them should work. queryset = Community.objects.all() diff --git a/django/thunderstore/api/cyberstorm/views/community_filters.py b/django/thunderstore/api/cyberstorm/views/community_filters.py index a17977f5c..7063a9708 100644 --- a/django/thunderstore/api/cyberstorm/views/community_filters.py +++ b/django/thunderstore/api/cyberstorm/views/community_filters.py @@ -1,5 +1,6 @@ from rest_framework import serializers from rest_framework.generics import get_object_or_404 +from rest_framework.permissions import AllowAny from rest_framework.request import Request from rest_framework.response import Response from rest_framework.views import APIView @@ -23,6 +24,7 @@ class CommunityFiltersAPIView(APIView): they can be used as filters. """ + permission_classes = [AllowAny] queryset = Community.objects.prefetch_related("package_categories") serializer_class = CommunityFiltersAPIViewSerializer diff --git a/django/thunderstore/api/cyberstorm/views/community_list.py b/django/thunderstore/api/cyberstorm/views/community_list.py index 8fcaee457..334f3ac2a 100644 --- a/django/thunderstore/api/cyberstorm/views/community_list.py +++ b/django/thunderstore/api/cyberstorm/views/community_list.py @@ -1,6 +1,7 @@ from rest_framework.filters import SearchFilter from rest_framework.generics import ListAPIView from rest_framework.pagination import PageNumberPagination +from rest_framework.permissions import AllowAny from thunderstore.api.cyberstorm.serializers import CyberstormCommunitySerializer from thunderstore.api.ordering import StrictOrderingFilter @@ -13,7 +14,7 @@ class CommunityPaginator(PageNumberPagination): class CommunityListAPIView(CyberstormAutoSchemaMixin, ListAPIView): - permission_classes = [] + permission_classes = [AllowAny] serializer_class = CyberstormCommunitySerializer pagination_class = CommunityPaginator queryset = Community.objects.listed() diff --git a/django/thunderstore/api/cyberstorm/views/markdown.py b/django/thunderstore/api/cyberstorm/views/markdown.py index b59b7d06e..15ae5fe33 100644 --- a/django/thunderstore/api/cyberstorm/views/markdown.py +++ b/django/thunderstore/api/cyberstorm/views/markdown.py @@ -3,6 +3,7 @@ from django.http import Http404 from rest_framework import serializers from rest_framework.generics import RetrieveAPIView, get_object_or_404 +from rest_framework.permissions import AllowAny from thunderstore.api.utils import CyberstormAutoSchemaMixin from thunderstore.markdown.templatetags.markdownify import render_markdown @@ -20,6 +21,7 @@ class PackageVersionReadmeAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView): If no version number is provided, the latest version is used. """ + permission_classes = [AllowAny] serializer_class = CyberstormMarkdownResponseSerializer def get_object(self): @@ -39,6 +41,7 @@ class PackageVersionChangelogAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView) If no version number is provided, the latest version is used. """ + permission_classes = [AllowAny] serializer_class = CyberstormMarkdownResponseSerializer def get_object(self): diff --git a/django/thunderstore/api/cyberstorm/views/package_listing.py b/django/thunderstore/api/cyberstorm/views/package_listing.py index 5a8722cde..35c738959 100644 --- a/django/thunderstore/api/cyberstorm/views/package_listing.py +++ b/django/thunderstore/api/cyberstorm/views/package_listing.py @@ -14,6 +14,7 @@ ) from rest_framework import serializers from rest_framework.generics import RetrieveAPIView, get_object_or_404 +from rest_framework.permissions import AllowAny from thunderstore.api.cyberstorm.serializers import ( CyberstormPackageCategorySerializer, @@ -114,6 +115,7 @@ class ResponseSerializer(serializers.Serializer): class PackageListingAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView): + permission_classes = [AllowAny] serializer_class = ResponseSerializer def get_object(self): diff --git a/django/thunderstore/api/cyberstorm/views/package_listing_list.py b/django/thunderstore/api/cyberstorm/views/package_listing_list.py index f3438c118..c99becd90 100644 --- a/django/thunderstore/api/cyberstorm/views/package_listing_list.py +++ b/django/thunderstore/api/cyberstorm/views/package_listing_list.py @@ -12,6 +12,7 @@ from rest_framework import serializers from rest_framework.generics import ListAPIView, get_object_or_404 from rest_framework.pagination import PageNumberPagination +from rest_framework.permissions import AllowAny from thunderstore.api.cyberstorm.serializers import CyberstormPackagePreviewSerializer from thunderstore.api.utils import conditional_swagger_auto_schema @@ -105,6 +106,7 @@ class BasePackageListAPIView(ListAPIView): methods, whereas the rest are overwritten methods from ListAPIView. """ + permission_classes = [AllowAny] pagination_class = PackageListPaginator serializer_class = CyberstormPackagePreviewSerializer viewname: str = "" # Define in subclass diff --git a/django/thunderstore/api/cyberstorm/views/package_version_list.py b/django/thunderstore/api/cyberstorm/views/package_version_list.py index 0dc69c957..d08f749f5 100644 --- a/django/thunderstore/api/cyberstorm/views/package_version_list.py +++ b/django/thunderstore/api/cyberstorm/views/package_version_list.py @@ -1,5 +1,6 @@ from rest_framework import serializers from rest_framework.generics import ListAPIView, get_object_or_404 +from rest_framework.permissions import AllowAny from thunderstore.api.utils import CyberstormAutoSchemaMixin from thunderstore.repository.models import Package @@ -18,6 +19,7 @@ class PackageVersionListAPIView(CyberstormAutoSchemaMixin, ListAPIView): Return a list of available versions of the package. """ + permission_classes = [AllowAny] serializer_class = CyberstormPackageVersionSerializer def get_queryset(self): diff --git a/django/thunderstore/api/cyberstorm/views/team.py b/django/thunderstore/api/cyberstorm/views/team.py index 28eea7e9a..71c2d8fc3 100644 --- a/django/thunderstore/api/cyberstorm/views/team.py +++ b/django/thunderstore/api/cyberstorm/views/team.py @@ -2,7 +2,7 @@ from rest_framework import serializers from rest_framework.exceptions import PermissionDenied, ValidationError from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404 -from rest_framework.permissions import IsAuthenticated +from rest_framework.permissions import AllowAny from rest_framework.request import Request from rest_framework.response import Response from rest_framework.views import APIView @@ -23,6 +23,7 @@ class TeamAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView): + permission_classes = [AllowAny] serializer_class = CyberstormTeamSerializer queryset = Team.objects.exclude(is_active=False) lookup_field = "name__iexact" @@ -34,8 +35,6 @@ class TeamRestrictedAPIView(ListAPIView): Ensure the user is a member of the Team. """ - permission_classes = [IsAuthenticated] - def check_permissions(self, request: Request) -> None: super().check_permissions(request) @@ -47,6 +46,7 @@ def check_permissions(self, request: Request) -> None: class TeamMemberListAPIView(CyberstormAutoSchemaMixin, TeamRestrictedAPIView): + permission_classes = [AllowAny] serializer_class = CyberstormTeamMemberSerializer filter_backends = [StrictOrderingFilter] ordering = ["-role", "user__username"] @@ -73,8 +73,6 @@ class CyberstormTeamAddMemberResponseSerialiazer(serializers.Serializer): class TeamMemberAddAPIView(APIView): - permission_classes = [IsAuthenticated] - @conditional_swagger_auto_schema( request_body=CyberstormTeamAddMemberRequestSerialiazer, responses={200: CyberstormTeamAddMemberResponseSerialiazer},