Set default permission class to IsAuthenticated & made required chang…

…es (#2268)

Set default permission class to IsAuthenticated & made required changes (#2268)

---------

Co-authored-by: Aakash Singh <mail@singhaakash.dev>

care/abdm/api/viewsets/abha_number.py

@@ -2,7 +2,6 @@
 from django.http import Http404
 from rest_framework.decorators import action
 from rest_framework.mixins import RetrieveModelMixin
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -19,7 +18,6 @@ class AbhaNumberViewSet(
     serializer_class = AbhaNumberSerializer
     model = AbhaNumber
     queryset = AbhaNumber.objects.all()
-    permission_classes = (IsAuthenticated,)
 
     def get_object(self):
         id = self.kwargs.get("pk")

care/abdm/api/viewsets/auth.py

@@ -5,7 +5,6 @@
 from django.core.cache import cache
 from rest_framework import status
 from rest_framework.generics import GenericAPIView, get_object_or_404
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 
 from care.abdm.utils.api_call import AbdmGateway
@@ -19,7 +18,6 @@
 
 
 class OnFetchView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -31,7 +29,6 @@ def post(self, request, *args, **kwargs):
 
 
 class OnInitView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -43,7 +40,6 @@ def post(self, request, *args, **kwargs):
 
 
 class OnConfirmView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -76,7 +72,6 @@ def post(self, request, *args, **kwargs):
 
 
 class AuthNotifyView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -94,15 +89,13 @@ def post(self, request, *args, **kwargs):
 
 
 class OnAddContextsView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
         return Response({}, status=status.HTTP_202_ACCEPTED)
 
 
 class DiscoverView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -171,7 +164,6 @@ def post(self, request, *args, **kwargs):
 
 
 class LinkInitView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -191,7 +183,6 @@ def post(self, request, *args, **kwargs):
 
 
 class LinkConfirmView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -225,7 +216,6 @@ def post(self, request, *args, **kwargs):
 
 
 class NotifyView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -243,7 +233,6 @@ def post(self, request, *args, **kwargs):
 
 
 class RequestDataView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):

care/abdm/api/viewsets/consent.py

@@ -4,7 +4,6 @@
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.mixins import ListModelMixin, RetrieveModelMixin
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -43,7 +42,6 @@ class ConsentViewSet(GenericViewSet, ListModelMixin, RetrieveModelMixin):
     serializer_class = ConsentRequestSerializer
     model = ConsentRequest
     queryset = ConsentRequest.objects.all()
-    permission_classes = (IsAuthenticated,)
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = ConsentRequestFilter
 
@@ -130,7 +128,6 @@ def fetch(self, request, pk):
 
 
 class ConsentCallbackViewSet(GenericViewSet):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def consent_request__on_init(self, request):

care/abdm/api/viewsets/health_information.py

@@ -4,7 +4,6 @@
 from django.db.models import Q
 from rest_framework import status
 from rest_framework.decorators import action
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -20,7 +19,6 @@
 
 
 class HealthInformationViewSet(GenericViewSet):
-    permission_classes = (IsAuthenticated,)
 
     def retrieve(self, request, pk):
         files = FileUpload.objects.filter(
@@ -83,7 +81,6 @@ def request(self, request, pk):
 
 
 class HealthInformationCallbackViewSet(GenericViewSet):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def health_information__hiu__on_request(self, request):

care/abdm/api/viewsets/healthid.py

@@ -8,7 +8,6 @@
 from rest_framework.decorators import action
 from rest_framework.exceptions import ValidationError
 from rest_framework.mixins import CreateModelMixin
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -40,7 +39,6 @@
 class ABDMHealthIDViewSet(GenericViewSet, CreateModelMixin):
     base_name = "healthid"
     model = AbhaNumber
-    permission_classes = (IsAuthenticated,)
 
     @extend_schema(
         operation_id="generate_aadhaar_otp",

care/abdm/api/viewsets/hip.py

@@ -3,7 +3,6 @@
 
 from rest_framework import status
 from rest_framework.decorators import action
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -16,7 +15,6 @@
 
 
 class HipViewSet(GenericViewSet):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def get_linking_token(self, data):

care/abdm/api/viewsets/monitoring.py

@@ -2,13 +2,12 @@
 
 from rest_framework import status
 from rest_framework.generics import GenericAPIView
-from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 
 
 class HeartbeatView(GenericAPIView):
-    permission_classes = (AllowAny,)
-    authentication_classes = []
+    permission_classes = ()
+    authentication_classes = ()
 
     def get(self, request, *args, **kwargs):
         return Response(

care/abdm/api/viewsets/patients.py

@@ -4,7 +4,6 @@
 from django.db.models import Q
 from rest_framework import status
 from rest_framework.decorators import action
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -17,7 +16,6 @@
 
 
 class PatientsViewSet(GenericViewSet):
-    permission_classes = (IsAuthenticated,)
 
     @action(detail=False, methods=["POST"])
     def find(self, request):
@@ -57,7 +55,6 @@ def find(self, request):
 
 
 class PatientsCallbackViewSet(GenericViewSet):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def patients__on_find(self, request):

care/abdm/api/viewsets/status.py

@@ -1,6 +1,5 @@
 from rest_framework import status
 from rest_framework.generics import GenericAPIView
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 
 from care.abdm.models import AbhaNumber
@@ -10,7 +9,6 @@
 
 
 class NotifyView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):
@@ -29,7 +27,6 @@ def post(self, request, *args, **kwargs):
 
 
 class SMSOnNotifyView(GenericAPIView):
-    permission_classes = (IsAuthenticated,)
     authentication_classes = [ABDMAuthentication]
 
     def post(self, request, *args, **kwargs):

care/facility/api/viewsets/__init__.py

@@ -4,7 +4,6 @@
     RetrieveModelMixin,
     UpdateModelMixin,
 )
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.viewsets import GenericViewSet
 
 from care.facility.api.viewsets.mixins.access import UserAccessMixin
@@ -19,5 +18,3 @@ class FacilityBaseViewset(
     GenericViewSet,
 ):
     """Base class for all endpoints related to Faclity model."""
-
-    permission_classes = (IsAuthenticated,)

care/facility/api/viewsets/ambulance.py

@@ -9,7 +9,6 @@
     RetrieveModelMixin,
     UpdateModelMixin,
 )
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
@@ -49,7 +48,6 @@ class AmbulanceViewSet(
     DestroyModelMixin,
     GenericViewSet,
 ):
-    permission_classes = (IsAuthenticated,)
     serializer_class = AmbulanceSerializer
     queryset = Ambulance.objects.filter(deleted=False).select_related(
         "primary_district", "secondary_district", "third_district"

care/facility/api/viewsets/asset.py

@@ -189,6 +189,8 @@ class AssetPublicViewSet(GenericViewSet):
     queryset = Asset.objects.all()
     serializer_class = AssetPublicSerializer
     lookup_field = "external_id"
+    permission_classes = ()
+    authentication_classes = ()
 
     def retrieve(self, request, *args, **kwargs):
         key = "asset:" + kwargs["external_id"]
@@ -207,6 +209,8 @@ class AssetPublicQRViewSet(GenericViewSet):
     queryset = Asset.objects.all()
     serializer_class = AssetPublicSerializer
     lookup_field = "qr_code_id"
+    permission_classes = ()
+    authentication_classes = ()
 
     def retrieve(self, request, *args, **kwargs):
         qr_code_id = kwargs["qr_code_id"]
@@ -227,7 +231,6 @@ def retrieve(self, request, *args, **kwargs):
 class AvailabilityViewSet(ListModelMixin, RetrieveModelMixin, GenericViewSet):
     queryset = AvailabilityRecord.objects.all()
     serializer_class = AvailabilityRecordSerializer
-    permission_classes = (IsAuthenticated,)
 
     def get_queryset(self):
         facility_queryset = get_facility_queryset(self.request.user)
@@ -423,7 +426,6 @@ def operate_assets(self, request, *args, **kwargs):
 class AssetRetrieveConfigViewSet(ListModelMixin, GenericViewSet):
     queryset = Asset.objects.all()
     authentication_classes = [MiddlewareAuthentication]
-    permission_classes = [IsAuthenticated]
     serializer_class = AssetConfigSerializer
 
     @extend_schema(
@@ -550,8 +552,6 @@ class AssetServiceViewSet(
     )
     serializer_class = AssetServiceSerializer
 
-    permission_classes = (IsAuthenticated,)
-
     lookup_field = "external_id"
 
     filter_backends = (filters.DjangoFilterBackend,)

care/facility/api/viewsets/daily_round.py

@@ -41,10 +41,7 @@ class DailyRoundsViewSet(
     GenericViewSet,
 ):
     serializer_class = DailyRoundSerializer
-    permission_classes = (
-        IsAuthenticated,
-        DRYPermissions,
-    )
+    permission_classes = (IsAuthenticated, DRYPermissions)
     queryset = DailyRound.objects.all().select_related("created_by", "last_edited_by")
     lookup_field = "external_id"
     filterset_class = DailyRoundFilterSet

care/facility/api/viewsets/events.py

@@ -4,7 +4,6 @@
 from django_filters import rest_framework as filters
 from drf_spectacular.utils import extend_schema
 from rest_framework.decorators import action
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.serializers import BaseSerializer
 from rest_framework.viewsets import ReadOnlyModelViewSet
@@ -21,7 +20,6 @@
 class EventTypeViewSet(ReadOnlyModelViewSet):
     serializer_class = EventTypeSerializer
     queryset = EventType.objects.filter(is_active=True)
-    permission_classes = (IsAuthenticated,)
 
     def get_serializer_class(self) -> type[BaseSerializer]:
         if self.action == "roots":
@@ -68,7 +66,6 @@ class PatientConsultationEventViewSet(ReadOnlyModelViewSet):
     queryset = PatientConsultationEvent.objects.all().select_related(
         "event_type", "caused_by"
     )
-    permission_classes = (IsAuthenticated,)
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = PatientConsultationEventFilterSet
     # lookup_field = "external_id"

care/facility/api/viewsets/facility.py

@@ -79,10 +79,7 @@ class FacilityViewSet(
     queryset = Facility.objects.all().select_related(
         "ward", "local_body", "district", "state"
     )
-    permission_classes = (
-        IsAuthenticated,
-        DRYPermissions,
-    )
+    permission_classes = (IsAuthenticated, DRYPermissions)
     filter_backends = (
         FacilityQSPermissions,
         filters.DjangoFilterBackend,
@@ -178,6 +175,7 @@ class AllFacilityViewSet(
     mixins.ListModelMixin,
     viewsets.GenericViewSet,
 ):
+    permission_classes = ()
     queryset = Facility.objects.all().select_related("local_body", "district", "state")
     serializer_class = FacilityBasicInfoSerializer
     filter_backends = (filters.DjangoFilterBackend, drf_filters.SearchFilter)

care/facility/api/viewsets/facility_capacity.py

@@ -18,10 +18,7 @@ class FacilityCapacityViewSet(FacilityBaseViewset, ListModelMixin):
     lookup_field = "external_id"
     serializer_class = FacilityCapacitySerializer
     queryset = FacilityCapacity.objects.filter(facility__deleted=False)
-    permission_classes = (
-        IsAuthenticated,
-        DRYPermissions,
-    )
+    permission_classes = (IsAuthenticated, DRYPermissions)
 
     def get_queryset(self):
         user = self.request.user