From a7ada0bf417b30ef6b251eedb491513ac7a65985 Mon Sep 17 00:00:00 2001 From: Greg Kempe Date: Fri, 23 Aug 2024 15:03:13 +0200 Subject: [PATCH 1/4] replace use of mock library with python's unittest.mock --- indigo_api/tests/test_document_api.py | 2 +- indigo_content_api/tests/v2/test_content_api.py | 2 +- pyproject.toml | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/indigo_api/tests/test_document_api.py b/indigo_api/tests/test_document_api.py index f61a16ab7..c94d6ccf2 100644 --- a/indigo_api/tests/test_document_api.py +++ b/indigo_api/tests/test_document_api.py @@ -1,5 +1,5 @@ import tempfile -from mock import patch +from unittest.mock import patch import datetime from nose.tools import * # noqa diff --git a/indigo_content_api/tests/v2/test_content_api.py b/indigo_content_api/tests/v2/test_content_api.py index 90e5ddad6..e14250677 100644 --- a/indigo_content_api/tests/v2/test_content_api.py +++ b/indigo_content_api/tests/v2/test_content_api.py @@ -1,7 +1,7 @@ import tempfile from datetime import date +from unittest.mock import patch -from mock import patch from django.test.utils import override_settings from django.conf import settings from rest_framework.test import APITestCase diff --git a/pyproject.toml b/pyproject.toml index a3298f343..d690fd170 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -84,13 +84,11 @@ dev = [ "nose", "flake8", "django-nose>=1.4.4", - "mock>=1.3.0", ] test = [ "nose", "flake8", "django-nose>=1.4.4", - "mock>=1.3.0", "coveralls", "django-webtest>=1.9.4", "dotmap>=1.3.8", From 0dd52b69c3a07b7895632fbea39010385b01f29f Mon Sep 17 00:00:00 2001 From: Greg Kempe Date: Fri, 23 Aug 2024 16:08:32 +0200 Subject: [PATCH 2/4] taxonomy topic views enforce model perms --- indigo_content_api/tests/v3/test_taxonomies_api.py | 3 +++ indigo_content_api/v2/views.py | 3 ++- indigo_content_api/v3/views.py | 4 +++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/indigo_content_api/tests/v3/test_taxonomies_api.py b/indigo_content_api/tests/v3/test_taxonomies_api.py index ee6b32a5f..6796baad6 100644 --- a/indigo_content_api/tests/v3/test_taxonomies_api.py +++ b/indigo_content_api/tests/v3/test_taxonomies_api.py @@ -1,3 +1,4 @@ +from django.contrib.auth.models import User from django.test import override_settings from rest_framework.test import APITestCase @@ -13,6 +14,8 @@ class TaxonomyTopicsAPIV3Test(APITestCase): def setUp(self): self.client.login(username='api-user@example.com', password='password') + user = User.objects.get(username='api-user@example.com') + user.user_permissions.add('indigo_api.view_taxonomytopic') def test_taxonomies(self): response = self.client.get(self.api_path + '/taxonomies.json') diff --git a/indigo_content_api/v2/views.py b/indigo_content_api/v2/views.py index 84a330a10..5039dd63e 100644 --- a/indigo_content_api/v2/views.py +++ b/indigo_content_api/v2/views.py @@ -3,7 +3,7 @@ from django.http import Http404 from rest_framework import mixins, viewsets, renderers from rest_framework.authentication import SessionAuthentication, TokenAuthentication -from rest_framework.permissions import IsAuthenticated, BasePermission +from rest_framework.permissions import IsAuthenticated, BasePermission, DjangoModelPermissions from rest_framework.response import Response from django_filters.rest_framework import DjangoFilterBackend from django.db.models import Q @@ -410,6 +410,7 @@ class TaxonomyTopicView(ContentAPIBase, viewsets.ReadOnlyModelViewSet): queryset = TaxonomyTopic.objects.none() serializer_class = TaxonomyTopicSerializer lookup_field = 'slug' + permission_classes = [IsAuthenticated, DjangoModelPermissions] def get_queryset(self): # when listing, just use the top-level public nodes diff --git a/indigo_content_api/v3/views.py b/indigo_content_api/v3/views.py index a2fa1aad7..9481d9704 100644 --- a/indigo_content_api/v3/views.py +++ b/indigo_content_api/v3/views.py @@ -2,6 +2,7 @@ from django.shortcuts import get_object_or_404 from django.http import Http404 from rest_framework.mixins import ListModelMixin +from rest_framework.permissions import IsAuthenticated, DjangoModelPermissions from rest_framework.viewsets import GenericViewSet from rest_framework import mixins, viewsets @@ -74,6 +75,7 @@ class TaxonomyTopicWorkExpressionsView(ContentAPIBase, ListModelMixin, GenericVi """ List of work expressions for a taxonomy topic.""" filter_backends = PublishedDocumentDetailViewV3.filter_backends filterset_fields = PublishedDocumentDetailViewV3.filterset_fields + permission_classes = [IsAuthenticated, DjangoModelPermissions] taxonomy_topic = None def get_serializer_class(self): @@ -93,7 +95,7 @@ def get_taxonomy_topic(self, slug): def get_queryset(self): queryset = PublishedDocumentDetailViewV3.queryset # when drf-spectacular generates the schema, it doesn't have the taxonomy_topic attribute - if not getattr(self, 'swagger_fake_view', False): + if not getattr(self, 'swagger_fake_view', False) and self.taxonomy_topic: works = Work.objects.filter(taxonomy_topics__path__startswith=self.taxonomy_topic.path).distinct("pk") queryset = queryset.filter(work__in=works) return super().filter_queryset(queryset) From 6c007be2558d30f7e71e5cfa198509f6837ec12b Mon Sep 17 00:00:00 2001 From: Greg Kempe Date: Fri, 23 Aug 2024 16:11:38 +0200 Subject: [PATCH 3/4] fix perms in tests --- indigo_api/fixtures/user.json | 3 ++- indigo_content_api/tests/v3/test_taxonomies_api.py | 3 --- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/indigo_api/fixtures/user.json b/indigo_api/fixtures/user.json index 1c0120f79..ff60c341e 100644 --- a/indigo_api/fixtures/user.json +++ b/indigo_api/fixtures/user.json @@ -105,7 +105,8 @@ "last_login": "2012-01-13 00:14:00+00:00", "groups": [], "user_permissions": [ - ["view_published_document", "indigo_api", "document"] + ["view_published_document", "indigo_api", "document"], + ["view_taxonomytopic", "indigo_api", "taxonomytopic"] ], "password": "pbkdf2_sha256$12000$NkxvaoXfb4p2$A6u0ez3trvm9VyIT606HB5G3NKRLl4znE4ZlsZS5T7U=", "date_joined": "2012-01-13 00:14:00+00:00" diff --git a/indigo_content_api/tests/v3/test_taxonomies_api.py b/indigo_content_api/tests/v3/test_taxonomies_api.py index 6796baad6..ee6b32a5f 100644 --- a/indigo_content_api/tests/v3/test_taxonomies_api.py +++ b/indigo_content_api/tests/v3/test_taxonomies_api.py @@ -1,4 +1,3 @@ -from django.contrib.auth.models import User from django.test import override_settings from rest_framework.test import APITestCase @@ -14,8 +13,6 @@ class TaxonomyTopicsAPIV3Test(APITestCase): def setUp(self): self.client.login(username='api-user@example.com', password='password') - user = User.objects.get(username='api-user@example.com') - user.user_permissions.add('indigo_api.view_taxonomytopic') def test_taxonomies(self): response = self.client.get(self.api_path + '/taxonomies.json') From a12d17713bc3c29afa04994dfa2813b07a25418d Mon Sep 17 00:00:00 2001 From: Greg Kempe Date: Fri, 23 Aug 2024 16:26:38 +0200 Subject: [PATCH 4/4] revert perms changes, they aren't necessary --- indigo_api/fixtures/user.json | 3 +-- indigo_content_api/v2/views.py | 3 +-- indigo_content_api/v3/views.py | 2 -- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/indigo_api/fixtures/user.json b/indigo_api/fixtures/user.json index ff60c341e..1c0120f79 100644 --- a/indigo_api/fixtures/user.json +++ b/indigo_api/fixtures/user.json @@ -105,8 +105,7 @@ "last_login": "2012-01-13 00:14:00+00:00", "groups": [], "user_permissions": [ - ["view_published_document", "indigo_api", "document"], - ["view_taxonomytopic", "indigo_api", "taxonomytopic"] + ["view_published_document", "indigo_api", "document"] ], "password": "pbkdf2_sha256$12000$NkxvaoXfb4p2$A6u0ez3trvm9VyIT606HB5G3NKRLl4znE4ZlsZS5T7U=", "date_joined": "2012-01-13 00:14:00+00:00" diff --git a/indigo_content_api/v2/views.py b/indigo_content_api/v2/views.py index 5039dd63e..84a330a10 100644 --- a/indigo_content_api/v2/views.py +++ b/indigo_content_api/v2/views.py @@ -3,7 +3,7 @@ from django.http import Http404 from rest_framework import mixins, viewsets, renderers from rest_framework.authentication import SessionAuthentication, TokenAuthentication -from rest_framework.permissions import IsAuthenticated, BasePermission, DjangoModelPermissions +from rest_framework.permissions import IsAuthenticated, BasePermission from rest_framework.response import Response from django_filters.rest_framework import DjangoFilterBackend from django.db.models import Q @@ -410,7 +410,6 @@ class TaxonomyTopicView(ContentAPIBase, viewsets.ReadOnlyModelViewSet): queryset = TaxonomyTopic.objects.none() serializer_class = TaxonomyTopicSerializer lookup_field = 'slug' - permission_classes = [IsAuthenticated, DjangoModelPermissions] def get_queryset(self): # when listing, just use the top-level public nodes diff --git a/indigo_content_api/v3/views.py b/indigo_content_api/v3/views.py index 9481d9704..b0959ba38 100644 --- a/indigo_content_api/v3/views.py +++ b/indigo_content_api/v3/views.py @@ -2,7 +2,6 @@ from django.shortcuts import get_object_or_404 from django.http import Http404 from rest_framework.mixins import ListModelMixin -from rest_framework.permissions import IsAuthenticated, DjangoModelPermissions from rest_framework.viewsets import GenericViewSet from rest_framework import mixins, viewsets @@ -75,7 +74,6 @@ class TaxonomyTopicWorkExpressionsView(ContentAPIBase, ListModelMixin, GenericVi """ List of work expressions for a taxonomy topic.""" filter_backends = PublishedDocumentDetailViewV3.filter_backends filterset_fields = PublishedDocumentDetailViewV3.filterset_fields - permission_classes = [IsAuthenticated, DjangoModelPermissions] taxonomy_topic = None def get_serializer_class(self):