diff --git a/care/abdm/api/viewsets/abha_number.py b/care/abdm/api/viewsets/abha_number.py index eae53df9c5..2e94f2aae6 100644 --- a/care/abdm/api/viewsets/abha_number.py +++ b/care/abdm/api/viewsets/abha_number.py @@ -2,7 +2,6 @@ from django.http import Http404 from rest_framework.decorators import action from rest_framework.mixins import RetrieveModelMixin -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -19,7 +18,6 @@ class AbhaNumberViewSet( serializer_class = AbhaNumberSerializer model = AbhaNumber queryset = AbhaNumber.objects.all() - permission_classes = (IsAuthenticated,) def get_object(self): id = self.kwargs.get("pk") diff --git a/care/abdm/api/viewsets/auth.py b/care/abdm/api/viewsets/auth.py index ad1d48beea..b63b484583 100644 --- a/care/abdm/api/viewsets/auth.py +++ b/care/abdm/api/viewsets/auth.py @@ -5,7 +5,6 @@ from django.core.cache import cache from rest_framework import status from rest_framework.generics import GenericAPIView, get_object_or_404 -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from care.abdm.utils.api_call import AbdmGateway @@ -19,7 +18,6 @@ class OnFetchView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -31,7 +29,6 @@ def post(self, request, *args, **kwargs): class OnInitView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -43,7 +40,6 @@ def post(self, request, *args, **kwargs): class OnConfirmView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -76,7 +72,6 @@ def post(self, request, *args, **kwargs): class AuthNotifyView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -94,7 +89,6 @@ def post(self, request, *args, **kwargs): class OnAddContextsView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -102,7 +96,6 @@ def post(self, request, *args, **kwargs): class DiscoverView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -171,7 +164,6 @@ def post(self, request, *args, **kwargs): class LinkInitView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -191,7 +183,6 @@ def post(self, request, *args, **kwargs): class LinkConfirmView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -225,7 +216,6 @@ def post(self, request, *args, **kwargs): class NotifyView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -243,7 +233,6 @@ def post(self, request, *args, **kwargs): class RequestDataView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): diff --git a/care/abdm/api/viewsets/consent.py b/care/abdm/api/viewsets/consent.py index 383f3fde3c..da6fc0ac4f 100644 --- a/care/abdm/api/viewsets/consent.py +++ b/care/abdm/api/viewsets/consent.py @@ -4,7 +4,6 @@ from rest_framework import status from rest_framework.decorators import action from rest_framework.mixins import ListModelMixin, RetrieveModelMixin -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -43,7 +42,6 @@ class ConsentViewSet(GenericViewSet, ListModelMixin, RetrieveModelMixin): serializer_class = ConsentRequestSerializer model = ConsentRequest queryset = ConsentRequest.objects.all() - permission_classes = (IsAuthenticated,) filter_backends = (filters.DjangoFilterBackend,) filterset_class = ConsentRequestFilter @@ -130,7 +128,6 @@ def fetch(self, request, pk): class ConsentCallbackViewSet(GenericViewSet): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def consent_request__on_init(self, request): diff --git a/care/abdm/api/viewsets/health_information.py b/care/abdm/api/viewsets/health_information.py index 2128fbc137..98a2825276 100644 --- a/care/abdm/api/viewsets/health_information.py +++ b/care/abdm/api/viewsets/health_information.py @@ -4,7 +4,6 @@ from django.db.models import Q from rest_framework import status from rest_framework.decorators import action -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -20,7 +19,6 @@ class HealthInformationViewSet(GenericViewSet): - permission_classes = (IsAuthenticated,) def retrieve(self, request, pk): files = FileUpload.objects.filter( @@ -83,7 +81,6 @@ def request(self, request, pk): class HealthInformationCallbackViewSet(GenericViewSet): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def health_information__hiu__on_request(self, request): diff --git a/care/abdm/api/viewsets/healthid.py b/care/abdm/api/viewsets/healthid.py index e435c1614f..347f1a01b2 100644 --- a/care/abdm/api/viewsets/healthid.py +++ b/care/abdm/api/viewsets/healthid.py @@ -8,7 +8,6 @@ from rest_framework.decorators import action from rest_framework.exceptions import ValidationError from rest_framework.mixins import CreateModelMixin -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -40,7 +39,6 @@ class ABDMHealthIDViewSet(GenericViewSet, CreateModelMixin): base_name = "healthid" model = AbhaNumber - permission_classes = (IsAuthenticated,) @extend_schema( operation_id="generate_aadhaar_otp", diff --git a/care/abdm/api/viewsets/hip.py b/care/abdm/api/viewsets/hip.py index 2de9b9fca8..aa6abb5b1e 100644 --- a/care/abdm/api/viewsets/hip.py +++ b/care/abdm/api/viewsets/hip.py @@ -3,7 +3,6 @@ from rest_framework import status from rest_framework.decorators import action -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -16,7 +15,6 @@ class HipViewSet(GenericViewSet): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def get_linking_token(self, data): diff --git a/care/abdm/api/viewsets/monitoring.py b/care/abdm/api/viewsets/monitoring.py index 62b38360ce..b1ee830398 100644 --- a/care/abdm/api/viewsets/monitoring.py +++ b/care/abdm/api/viewsets/monitoring.py @@ -2,13 +2,12 @@ from rest_framework import status from rest_framework.generics import GenericAPIView -from rest_framework.permissions import AllowAny from rest_framework.response import Response class HeartbeatView(GenericAPIView): - permission_classes = (AllowAny,) - authentication_classes = [] + permission_classes = () + authentication_classes = () def get(self, request, *args, **kwargs): return Response( diff --git a/care/abdm/api/viewsets/patients.py b/care/abdm/api/viewsets/patients.py index 267679d48d..e29a72487f 100644 --- a/care/abdm/api/viewsets/patients.py +++ b/care/abdm/api/viewsets/patients.py @@ -4,7 +4,6 @@ from django.db.models import Q from rest_framework import status from rest_framework.decorators import action -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -17,7 +16,6 @@ class PatientsViewSet(GenericViewSet): - permission_classes = (IsAuthenticated,) @action(detail=False, methods=["POST"]) def find(self, request): @@ -57,7 +55,6 @@ def find(self, request): class PatientsCallbackViewSet(GenericViewSet): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def patients__on_find(self, request): diff --git a/care/abdm/api/viewsets/status.py b/care/abdm/api/viewsets/status.py index 8c126ec7ef..72913c847a 100644 --- a/care/abdm/api/viewsets/status.py +++ b/care/abdm/api/viewsets/status.py @@ -1,6 +1,5 @@ from rest_framework import status from rest_framework.generics import GenericAPIView -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from care.abdm.models import AbhaNumber @@ -10,7 +9,6 @@ class NotifyView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): @@ -29,7 +27,6 @@ def post(self, request, *args, **kwargs): class SMSOnNotifyView(GenericAPIView): - permission_classes = (IsAuthenticated,) authentication_classes = [ABDMAuthentication] def post(self, request, *args, **kwargs): diff --git a/care/facility/api/viewsets/__init__.py b/care/facility/api/viewsets/__init__.py index e9eb119910..40ee4c5499 100644 --- a/care/facility/api/viewsets/__init__.py +++ b/care/facility/api/viewsets/__init__.py @@ -4,7 +4,6 @@ RetrieveModelMixin, UpdateModelMixin, ) -from rest_framework.permissions import IsAuthenticated from rest_framework.viewsets import GenericViewSet from care.facility.api.viewsets.mixins.access import UserAccessMixin @@ -19,5 +18,3 @@ class FacilityBaseViewset( GenericViewSet, ): """Base class for all endpoints related to Faclity model.""" - - permission_classes = (IsAuthenticated,) diff --git a/care/facility/api/viewsets/ambulance.py b/care/facility/api/viewsets/ambulance.py index dd5e5d991f..a2dbe3de95 100644 --- a/care/facility/api/viewsets/ambulance.py +++ b/care/facility/api/viewsets/ambulance.py @@ -9,7 +9,6 @@ RetrieveModelMixin, UpdateModelMixin, ) -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -49,7 +48,6 @@ class AmbulanceViewSet( DestroyModelMixin, GenericViewSet, ): - permission_classes = (IsAuthenticated,) serializer_class = AmbulanceSerializer queryset = Ambulance.objects.filter(deleted=False).select_related( "primary_district", "secondary_district", "third_district" diff --git a/care/facility/api/viewsets/asset.py b/care/facility/api/viewsets/asset.py index cf6ff5790d..26b9d35b34 100644 --- a/care/facility/api/viewsets/asset.py +++ b/care/facility/api/viewsets/asset.py @@ -189,6 +189,8 @@ class AssetPublicViewSet(GenericViewSet): queryset = Asset.objects.all() serializer_class = AssetPublicSerializer lookup_field = "external_id" + permission_classes = () + authentication_classes = () def retrieve(self, request, *args, **kwargs): key = "asset:" + kwargs["external_id"] @@ -207,6 +209,8 @@ class AssetPublicQRViewSet(GenericViewSet): queryset = Asset.objects.all() serializer_class = AssetPublicSerializer lookup_field = "qr_code_id" + permission_classes = () + authentication_classes = () def retrieve(self, request, *args, **kwargs): qr_code_id = kwargs["qr_code_id"] @@ -227,7 +231,6 @@ def retrieve(self, request, *args, **kwargs): class AvailabilityViewSet(ListModelMixin, RetrieveModelMixin, GenericViewSet): queryset = AvailabilityRecord.objects.all() serializer_class = AvailabilityRecordSerializer - permission_classes = (IsAuthenticated,) def get_queryset(self): facility_queryset = get_facility_queryset(self.request.user) @@ -423,7 +426,6 @@ def operate_assets(self, request, *args, **kwargs): class AssetRetrieveConfigViewSet(ListModelMixin, GenericViewSet): queryset = Asset.objects.all() authentication_classes = [MiddlewareAuthentication] - permission_classes = [IsAuthenticated] serializer_class = AssetConfigSerializer @extend_schema( @@ -550,8 +552,6 @@ class AssetServiceViewSet( ) serializer_class = AssetServiceSerializer - permission_classes = (IsAuthenticated,) - lookup_field = "external_id" filter_backends = (filters.DjangoFilterBackend,) diff --git a/care/facility/api/viewsets/daily_round.py b/care/facility/api/viewsets/daily_round.py index 1423b7e50e..612c451437 100644 --- a/care/facility/api/viewsets/daily_round.py +++ b/care/facility/api/viewsets/daily_round.py @@ -41,10 +41,7 @@ class DailyRoundsViewSet( GenericViewSet, ): serializer_class = DailyRoundSerializer - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) queryset = DailyRound.objects.all().select_related("created_by", "last_edited_by") lookup_field = "external_id" filterset_class = DailyRoundFilterSet diff --git a/care/facility/api/viewsets/events.py b/care/facility/api/viewsets/events.py index 32b81d3ab4..8dc1678b4d 100644 --- a/care/facility/api/viewsets/events.py +++ b/care/facility/api/viewsets/events.py @@ -4,7 +4,6 @@ from django_filters import rest_framework as filters from drf_spectacular.utils import extend_schema from rest_framework.decorators import action -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.serializers import BaseSerializer from rest_framework.viewsets import ReadOnlyModelViewSet @@ -21,7 +20,6 @@ class EventTypeViewSet(ReadOnlyModelViewSet): serializer_class = EventTypeSerializer queryset = EventType.objects.filter(is_active=True) - permission_classes = (IsAuthenticated,) def get_serializer_class(self) -> type[BaseSerializer]: if self.action == "roots": @@ -68,7 +66,6 @@ class PatientConsultationEventViewSet(ReadOnlyModelViewSet): queryset = PatientConsultationEvent.objects.all().select_related( "event_type", "caused_by" ) - permission_classes = (IsAuthenticated,) filter_backends = (filters.DjangoFilterBackend,) filterset_class = PatientConsultationEventFilterSet # lookup_field = "external_id" diff --git a/care/facility/api/viewsets/facility.py b/care/facility/api/viewsets/facility.py index 7b9d64c068..222f0591fd 100644 --- a/care/facility/api/viewsets/facility.py +++ b/care/facility/api/viewsets/facility.py @@ -79,10 +79,7 @@ class FacilityViewSet( queryset = Facility.objects.all().select_related( "ward", "local_body", "district", "state" ) - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) filter_backends = ( FacilityQSPermissions, filters.DjangoFilterBackend, @@ -178,6 +175,7 @@ class AllFacilityViewSet( mixins.ListModelMixin, viewsets.GenericViewSet, ): + permission_classes = () queryset = Facility.objects.all().select_related("local_body", "district", "state") serializer_class = FacilityBasicInfoSerializer filter_backends = (filters.DjangoFilterBackend, drf_filters.SearchFilter) diff --git a/care/facility/api/viewsets/facility_capacity.py b/care/facility/api/viewsets/facility_capacity.py index cfb92ef8b7..dd18d13f62 100644 --- a/care/facility/api/viewsets/facility_capacity.py +++ b/care/facility/api/viewsets/facility_capacity.py @@ -18,10 +18,7 @@ class FacilityCapacityViewSet(FacilityBaseViewset, ListModelMixin): lookup_field = "external_id" serializer_class = FacilityCapacitySerializer queryset = FacilityCapacity.objects.filter(facility__deleted=False) - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) def get_queryset(self): user = self.request.user diff --git a/care/facility/api/viewsets/facility_users.py b/care/facility/api/viewsets/facility_users.py index 578f326849..5d3cb79629 100644 --- a/care/facility/api/viewsets/facility_users.py +++ b/care/facility/api/viewsets/facility_users.py @@ -4,7 +4,6 @@ from rest_framework import filters as drf_filters from rest_framework import mixins from rest_framework.exceptions import ValidationError -from rest_framework.permissions import IsAuthenticated from rest_framework.viewsets import GenericViewSet from care.facility.models.facility import Facility @@ -28,7 +27,6 @@ class FacilityUserViewSet(GenericViewSet, mixins.ListModelMixin): serializer_class = UserAssignedSerializer filterset_class = UserFilter queryset = User.objects.all() - permission_classes = [IsAuthenticated] filter_backends = [ filters.DjangoFilterBackend, drf_filters.SearchFilter, diff --git a/care/facility/api/viewsets/file_upload.py b/care/facility/api/viewsets/file_upload.py index 2f9ad882c5..5e784fafb6 100644 --- a/care/facility/api/viewsets/file_upload.py +++ b/care/facility/api/viewsets/file_upload.py @@ -59,7 +59,7 @@ class FileUploadViewSet( queryset = ( FileUpload.objects.all().select_related("uploaded_by").order_by("-created_date") ) - permission_classes = [IsAuthenticated, FileUploadPermission] + permission_classes = (IsAuthenticated, FileUploadPermission) lookup_field = "external_id" filter_backends = (filters.DjangoFilterBackend,) filterset_class = FileUploadFilter diff --git a/care/facility/api/viewsets/hospital_doctor.py b/care/facility/api/viewsets/hospital_doctor.py index e2c1297d3e..6139634739 100644 --- a/care/facility/api/viewsets/hospital_doctor.py +++ b/care/facility/api/viewsets/hospital_doctor.py @@ -13,11 +13,7 @@ class HospitalDoctorViewSet(FacilityBaseViewset, ListModelMixin): serializer_class = HospitalDoctorSerializer queryset = HospitalDoctors.objects.filter(facility__deleted=False) - - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) def get_queryset(self): user = self.request.user diff --git a/care/facility/api/viewsets/icd.py b/care/facility/api/viewsets/icd.py index d836de3b5f..e18d86de23 100644 --- a/care/facility/api/viewsets/icd.py +++ b/care/facility/api/viewsets/icd.py @@ -1,6 +1,5 @@ from django.http import Http404 from redis_om import FindQuery -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.viewsets import ViewSet @@ -9,7 +8,6 @@ class ICDViewSet(ViewSet): - permission_classes = (IsAuthenticated,) def serialize_data(self, objects: list[ICD11]): return [diagnosis.get_representation() for diagnosis in objects] diff --git a/care/facility/api/viewsets/inventory.py b/care/facility/api/viewsets/inventory.py index 3453c6c3b4..e50d353635 100644 --- a/care/facility/api/viewsets/inventory.py +++ b/care/facility/api/viewsets/inventory.py @@ -52,7 +52,6 @@ class FacilityInventoryItemViewSet( .prefetch_related("allowed_units", "tags") .all() ) - permission_classes = (IsAuthenticated,) filter_backends = (filters.DjangoFilterBackend,) filterset_class = FacilityInventoryFilter diff --git a/care/facility/api/viewsets/notification.py b/care/facility/api/viewsets/notification.py index 183e873a3f..213f1324e9 100644 --- a/care/facility/api/viewsets/notification.py +++ b/care/facility/api/viewsets/notification.py @@ -6,7 +6,7 @@ from rest_framework.exceptions import PermissionDenied, ValidationError from rest_framework.generics import get_object_or_404 from rest_framework.mixins import ListModelMixin, RetrieveModelMixin, UpdateModelMixin -from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly +from rest_framework.permissions import IsAuthenticatedOrReadOnly from rest_framework.response import Response from rest_framework.serializers import CharField, UUIDField from rest_framework.viewsets import GenericViewSet @@ -38,7 +38,6 @@ class NotificationViewSet( .order_by("-created_date") ) serializer_class = NotificationSerializer - permission_classes = [IsAuthenticated] lookup_field = "external_id" filter_backends = (filters.DjangoFilterBackend,) filterset_class = NotificationFilter diff --git a/care/facility/api/viewsets/open_id.py b/care/facility/api/viewsets/open_id.py index 0f2cd2f910..cb0f186bd8 100644 --- a/care/facility/api/viewsets/open_id.py +++ b/care/facility/api/viewsets/open_id.py @@ -2,7 +2,6 @@ from django.utils.decorators import method_decorator from django.views.decorators.cache import cache_page from rest_framework.generics import GenericAPIView -from rest_framework.permissions import AllowAny from rest_framework.response import Response @@ -12,7 +11,7 @@ class PublicJWKsView(GenericAPIView): """ authentication_classes = () - permission_classes = (AllowAny,) + permission_classes = () @method_decorator(cache_page(60 * 60 * 24)) def get(self, *args, **kwargs): diff --git a/care/facility/api/viewsets/patient.py b/care/facility/api/viewsets/patient.py index f7cb1a05e0..043c1046ab 100644 --- a/care/facility/api/viewsets/patient.py +++ b/care/facility/api/viewsets/patient.py @@ -789,10 +789,7 @@ class FacilityPatientStatsHistoryFilterSet(filters.FilterSet): class FacilityPatientStatsHistoryViewSet(viewsets.ModelViewSet): lookup_field = "external_id" - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) queryset = FacilityPatientStatsHistory.objects.filter( facility__deleted=False ).order_by("-entry_date") @@ -958,7 +955,6 @@ class PatientNotesEditViewSet( queryset = PatientNotesEdit.objects.all().order_by("-edited_date") lookup_field = "external_id" serializer_class = PatientNotesEditSerializer - permission_classes = (IsAuthenticated,) def get_queryset(self): user = self.request.user diff --git a/care/facility/api/viewsets/patient_investigation.py b/care/facility/api/viewsets/patient_investigation.py index bb9682abff..07350e4a41 100644 --- a/care/facility/api/viewsets/patient_investigation.py +++ b/care/facility/api/viewsets/patient_investigation.py @@ -10,7 +10,6 @@ from rest_framework.decorators import action from rest_framework.exceptions import ValidationError from rest_framework.pagination import PageNumberPagination -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from care.facility.api.serializers.patient_investigation import ( @@ -60,7 +59,6 @@ class InvestigationGroupViewset( serializer_class = PatientInvestigationGroupSerializer queryset = PatientInvestigationGroup.objects.all() lookup_field = "external_id" - permission_classes = (IsAuthenticated,) filterset_class = InvestigationGroupFilter filter_backends = (filters.DjangoFilterBackend,) @@ -76,7 +74,6 @@ class PatientInvestigationViewSet( serializer_class = PatientInvestigationSerializer queryset = PatientInvestigation.objects.all().prefetch_related("groups") lookup_field = "external_id" - permission_classes = (IsAuthenticated,) filterset_class = PatientInvestigationFilter filter_backends = (filters.DjangoFilterBackend,) pagination_class = InvestigationResultsSetPagination @@ -101,7 +98,6 @@ class PatientInvestigationSummaryViewSet( serializer_class = InvestigationValueSerializer queryset = InvestigationValue.objects.select_related("consultation").all() lookup_field = "external_id" - permission_classes = (IsAuthenticated,) filterset_class = PatientInvestigationFilter filter_backends = (filters.DjangoFilterBackend,) pagination_class = InvestigationSummaryResultsSetPagination @@ -157,7 +153,6 @@ class InvestigationValueViewSet( serializer_class = InvestigationValueSerializer queryset = InvestigationValue.objects.select_related("consultation").all() lookup_field = "external_id" - permission_classes = (IsAuthenticated,) filterset_class = PatientInvestigationFilter filter_backends = (filters.DjangoFilterBackend,) pagination_class = InvestigationValueSetPagination diff --git a/care/facility/api/viewsets/patient_otp.py b/care/facility/api/viewsets/patient_otp.py index af365533ce..ca88d83793 100644 --- a/care/facility/api/viewsets/patient_otp.py +++ b/care/facility/api/viewsets/patient_otp.py @@ -5,7 +5,6 @@ from rest_framework import mixins from rest_framework.decorators import action from rest_framework.exceptions import ValidationError -from rest_framework.permissions import AllowAny from rest_framework.response import Response from rest_framework.viewsets import GenericViewSet @@ -20,7 +19,8 @@ class PatientMobileOTPViewSet( mixins.CreateModelMixin, GenericViewSet, ): - permission_classes = (AllowAny,) + authentication_classes = () + permission_classes = () serializer_class = PatientMobileOTPSerializer queryset = PatientMobileOTP.objects.all() diff --git a/care/facility/api/viewsets/patient_otp_data.py b/care/facility/api/viewsets/patient_otp_data.py index a3c0302788..76647ae5c5 100644 --- a/care/facility/api/viewsets/patient_otp_data.py +++ b/care/facility/api/viewsets/patient_otp_data.py @@ -1,5 +1,4 @@ from rest_framework.mixins import ListModelMixin, RetrieveModelMixin -from rest_framework.permissions import IsAuthenticated from rest_framework.viewsets import GenericViewSet from care.facility.api.serializers.patient import ( @@ -14,7 +13,6 @@ class OTPPatientDataViewSet(RetrieveModelMixin, ListModelMixin, GenericViewSet): authentication_classes = (JWTTokenPatientAuthentication,) lookup_field = "external_id" - permission_classes = (IsAuthenticated,) queryset = PatientRegistration.objects.all() serializer_class = PatientDetailSerializer diff --git a/care/facility/api/viewsets/patient_sample.py b/care/facility/api/viewsets/patient_sample.py index d6b5f9d3b3..0c698c95a8 100644 --- a/care/facility/api/viewsets/patient_sample.py +++ b/care/facility/api/viewsets/patient_sample.py @@ -76,10 +76,7 @@ class PatientSampleViewSet( ) .order_by("-id") ) - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) filter_backends = ( PatientSampleFilterBackend, filters.DjangoFilterBackend, diff --git a/care/facility/api/viewsets/prescription.py b/care/facility/api/viewsets/prescription.py index a551dd639f..fe8914098c 100644 --- a/care/facility/api/viewsets/prescription.py +++ b/care/facility/api/viewsets/prescription.py @@ -184,7 +184,6 @@ def administer(self, request, *args, **kwargs): class MedibaseViewSet(ViewSet): - permission_classes = (IsAuthenticated,) def serialize_data(self, objects: list[MedibaseMedicine]): return [medicine.get_representation() for medicine in objects] diff --git a/care/facility/api/viewsets/resources.py b/care/facility/api/viewsets/resources.py index 3f26fce431..711f7fcac2 100644 --- a/care/facility/api/viewsets/resources.py +++ b/care/facility/api/viewsets/resources.py @@ -116,7 +116,6 @@ class ResourceRequestViewSet( "emergency", "priority", ] - permission_classes = (IsAuthenticated, DRYPermissions) filter_backends = ( filters.DjangoFilterBackend, @@ -150,8 +149,6 @@ class ResourceRequestCommentViewSet( lookup_field = "external_id" queryset = ResourceRequestComment.objects.all().order_by("-created_date") - permission_classes = (IsAuthenticated,) - def get_queryset(self): queryset = self.queryset.filter( request__external_id=self.kwargs.get("resource_external_id") diff --git a/care/users/api/viewsets/change_password.py b/care/users/api/viewsets/change_password.py index 806eb0a414..805bebddd9 100644 --- a/care/users/api/viewsets/change_password.py +++ b/care/users/api/viewsets/change_password.py @@ -2,7 +2,6 @@ from drf_spectacular.utils import extend_schema, extend_schema_view from rest_framework import serializers, status from rest_framework.generics import UpdateAPIView -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response User = get_user_model() @@ -28,7 +27,6 @@ class ChangePasswordView(UpdateAPIView): serializer_class = ChangePasswordSerializer model = User - permission_classes = (IsAuthenticated,) def update(self, request, *args, **kwargs): self.object = self.request.user diff --git a/care/users/api/viewsets/users.py b/care/users/api/viewsets/users.py index 937a8d3d00..9deec755de 100644 --- a/care/users/api/viewsets/users.py +++ b/care/users/api/viewsets/users.py @@ -114,10 +114,7 @@ class UserViewSet( queryset = queryset.filter(Q(asset__isnull=True)) lookup_field = "username" lookup_value_regex = "[^/]+" - permission_classes = ( - IsAuthenticated, - DRYPermissions, - ) + permission_classes = (IsAuthenticated, DRYPermissions) filter_backends = ( filters.DjangoFilterBackend, rest_framework_filters.OrderingFilter, diff --git a/care/users/api/viewsets/userskill.py b/care/users/api/viewsets/userskill.py index 59c689396b..358f8c56d5 100644 --- a/care/users/api/viewsets/userskill.py +++ b/care/users/api/viewsets/userskill.py @@ -38,7 +38,7 @@ class UserSkillViewSet( serializer_class = UserSkillSerializer queryset = UserSkill.objects.all() lookup_field = "external_id" - permission_classes = [UserSkillPermission] + permission_classes = (UserSkillPermission,) def get_queryset(self): username = self.kwargs["users_username"] diff --git a/config/health_views.py b/config/health_views.py index 4b1febf74f..99628d9c3c 100644 --- a/config/health_views.py +++ b/config/health_views.py @@ -1,4 +1,3 @@ -from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView @@ -11,7 +10,6 @@ class MiddlewareAuthenticationVerifyView(APIView): authentication_classes = [MiddlewareAuthentication] - permission_classes = [IsAuthenticated] def get(self, request): return Response(UserBaseMinimumSerializer(request.user).data) @@ -19,7 +17,6 @@ def get(self, request): class MiddlewareAssetAuthenticationVerifyView(APIView): authentication_classes = [MiddlewareAssetAuthentication] - permission_classes = [IsAuthenticated] def get(self, request): return Response(UserBaseMinimumSerializer(request.user).data) diff --git a/config/settings/base.py b/config/settings/base.py index 1908b24390..4c439790b6 100644 --- a/config/settings/base.py +++ b/config/settings/base.py @@ -362,6 +362,9 @@ "config.authentication.CustomBasicAuthentication", "rest_framework.authentication.SessionAuthentication", ), + "DEFAULT_PERMISSION_CLASSES": [ + "rest_framework.permissions.IsAuthenticated", + ], "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination", "PAGE_SIZE": 14, "SEARCH_PARAM": "search_text",