Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(generic): anonymous views #1399

Merged
merged 2 commits into from
Dec 18, 2024
Merged

feat(generic): anonymous views #1399

merged 2 commits into from
Dec 18, 2024

Conversation

gythaogg
Copy link
Contributor

@gythaogg gythaogg commented Nov 17, 2024
edited
Loading

This pull request focuses on simplifying the codebase by removing the ListViewObjectFilterMixin class and updating related view permissions and settings accordingly. The most important changes include the removal of the mixin class, updates to view permission checks, and corresponding documentation updates.

Codebase simplification:

  • apis_core/core/mixins.py: Removed the ListViewObjectFilterMixin class and its methods, which were used for filtering querysets and handling permissions in list views.
  • apis_core/generic/views.py: Removed the import of ListViewObjectFilterMixin and its usage in the List class. Updated the get_permission_required method to check for APIS_ANON_VIEWS_ALLOWED instead of APIS_VIEW_PASSES_TEST. [1] [2] [3]

Documentation updates:

  • docs/source/configuration.rst: Updated the configuration documentation to reflect the the use of APIS_LIST_VIEWS_ALLOWED and removed APIS_DETAIL_VIEWS_ALLOWED to APIS_ANON_VIEWS_ALLOWED. APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST are removed.

Sample_Project test example - list only Persons with forename containing "a" for anonymous users

settings.py
APIS_ANON_VIEWS_ALLOWED = True

models.py

class PersonManager(models.Manager):
    def get_queryset(self):
        user = get_current_user()
        if user and user.is_authenticated:
            return super().get_queryset()

        return super().get_queryset().filter(forename__icontains="a")


class Person(VersionMixin, E21_Person, AbstractEntity):
    profession = models.ManyToManyField(Profession, blank=True)
    objects = PersonManager()

@gythaogg gythaogg mentioned this pull request Nov 17, 2024
Closed
@gythaogg gythaogg requested review from b1rger and sennierer November 17, 2024 10:54
@gythaogg gythaogg force-pushed the gythaogg/detail-view-permissions branch from 524cddd to 1ac5a4a Compare November 17, 2024 10:55
@gythaogg gythaogg removed the request for review from sennierer November 20, 2024 10:32
@gythaogg gythaogg force-pushed the gythaogg/detail-view-permissions branch from 1ac5a4a to bdf6288 Compare December 17, 2024 10:01
@gythaogg gythaogg marked this pull request as draft December 17, 2024 10:02
@gythaogg gythaogg force-pushed the gythaogg/detail-view-permissions branch 5 times, most recently from cac6fbb to 2f970ef Compare December 17, 2024 10:45
@gythaogg gythaogg marked this pull request as ready for review December 17, 2024 10:50
@gythaogg gythaogg force-pushed the gythaogg/detail-view-permissions branch from 2f970ef to e2a2770 Compare December 17, 2024 11:05
@gythaogg gythaogg marked this pull request as draft December 17, 2024 11:05
@gythaogg gythaogg changed the title fix(generic): respect APIS_DETAIL_VIEWS_ALLOWED setting feat(generic): anonymous views Dec 17, 2024
@gythaogg gythaogg marked this pull request as ready for review December 17, 2024 11:10
This was linked to issues Dec 17, 2024
bug: APIS_DETAIL_VIEWS_ALLOWED = True does not make any difference #1400
Closed
Enforce consistent checks for list and detail views #1412
Closed
Next/Prev entities should point to only entities in the queryset that the user is allowed to see #1415
Closed
@gythaogg gythaogg force-pushed the gythaogg/detail-view-permissions branch 2 times, most recently from 5e083d8 to e49a0a1 Compare December 17, 2024 12:01
b1rger
b1rger requested changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@b1rger b1rger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you move the docs changes into a separate docs(configuration): commit?

docs/source/configuration.rst Outdated Show resolved Hide resolved
@gythaogg
feat(generic)!: APIS_ANON_VIEWS_ALLOWED setting
b2a3f3e 
BREAKING CHANGE: APIS_LIST_VIEWS_ALLOWED and APIS_DETAIL_VIEWS_ALLOWED
are replaced with a single setting APIS_ANON_VIEWS_ALLOWED
When APIS_ANON_VIEWS_ALLOWED is set to True List views and Detail views
will be open to anyone, without having to login.
APIS_LIST_VIEW_OBJECT_FILTER and APIS_VIEW_PASSES_TEST
are no longer supported. Custom managers should be used instead.

fixes #1400
@gythaogg gythaogg force-pushed the gythaogg/detail-view-permissions branch from e49a0a1 to e4122b5 Compare December 18, 2024 08:54
@gythaogg gythaogg marked this pull request as draft December 18, 2024 09:02
@gythaogg gythaogg marked this pull request as ready for review December 18, 2024 09:03
@gythaogg gythaogg requested a review from b1rger December 18, 2024 09:03
@gythaogg @b1rger
docs(configuration): update configs for anonymous views
502c1b6 
add documentation for APIS_ANON_VIEWS_ALLOWED
remove the following unsupported configurations from the docs
- APIS_LIST_VIEWS_ALLOWED
- APIS_DETAIL_VIEWS_ALLOWED
- APIS_VIEW_PASSES_TEST
- APIS_LIST_VIEW_OBJECT_FILTER
@b1rger b1rger force-pushed the gythaogg/detail-view-permissions branch from e4122b5 to 502c1b6 Compare December 18, 2024 09:27
@b1rger b1rger merged commit 6f28df6 into main Dec 18, 2024
14 checks passed
@b1rger b1rger deleted the gythaogg/detail-view-permissions branch December 18, 2024 09:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@b1rger b1rger b1rger approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@gythaogg @b1rger