Skip to content

Commit

Permalink
Fix existing Cyberstorm views permission classes
Browse files Browse the repository at this point in the history
  • Loading branch information
Oksamies committed Aug 20, 2024
1 parent 332ca7e commit 738b056
Show file tree
Hide file tree
Showing 9 changed files with 20 additions and 9 deletions.
4 changes: 2 additions & 2 deletions django/thunderstore/api/cyberstorm/tests/test_team.py
Original file line number Diff line number Diff line change
Expand Up @@ -57,13 +57,13 @@ def test_team_api_view__for_inactive_team__returns_404(


@pytest.mark.django_db
def test_team_membership_permission__for_unauthenticated_user__returns_401(
def test_team_membership_permission__for_no_user__returns_403(
api_client: APIClient,
team: Team,
):
response = api_client.get(f"/api/cyberstorm/team/{team.name}/member/")

assert response.status_code == 401
assert response.status_code == 403


@pytest.mark.django_db
Expand Down
3 changes: 2 additions & 1 deletion django/thunderstore/api/cyberstorm/views/community.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from rest_framework.generics import RetrieveAPIView
from rest_framework.permissions import AllowAny

from thunderstore.api.cyberstorm.serializers import CyberstormCommunitySerializer
from thunderstore.api.utils import CyberstormAutoSchemaMixin
Expand All @@ -8,7 +9,7 @@
class CommunityAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView):
lookup_url_kwarg = "community_id"
lookup_field = "identifier"
permission_classes = []
permission_classes = [AllowAny]

# Unlisted communities are included, as direct links to them should work.
queryset = Community.objects.all()
Expand Down
2 changes: 2 additions & 0 deletions django/thunderstore/api/cyberstorm/views/community_filters.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from rest_framework import serializers
from rest_framework.generics import get_object_or_404
from rest_framework.permissions import AllowAny
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.views import APIView
Expand All @@ -23,6 +24,7 @@ class CommunityFiltersAPIView(APIView):
they can be used as filters.
"""

permission_classes = [AllowAny]
queryset = Community.objects.prefetch_related("package_categories")
serializer_class = CommunityFiltersAPIViewSerializer

Expand Down
3 changes: 2 additions & 1 deletion django/thunderstore/api/cyberstorm/views/community_list.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from rest_framework.filters import SearchFilter
from rest_framework.generics import ListAPIView
from rest_framework.pagination import PageNumberPagination
from rest_framework.permissions import AllowAny

from thunderstore.api.cyberstorm.serializers import CyberstormCommunitySerializer
from thunderstore.api.ordering import StrictOrderingFilter
Expand All @@ -13,7 +14,7 @@ class CommunityPaginator(PageNumberPagination):


class CommunityListAPIView(CyberstormAutoSchemaMixin, ListAPIView):
permission_classes = []
permission_classes = [AllowAny]
serializer_class = CyberstormCommunitySerializer
pagination_class = CommunityPaginator
queryset = Community.objects.listed()
Expand Down
3 changes: 3 additions & 0 deletions django/thunderstore/api/cyberstorm/views/markdown.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
from django.http import Http404
from rest_framework import serializers
from rest_framework.generics import RetrieveAPIView, get_object_or_404
from rest_framework.permissions import AllowAny

from thunderstore.api.utils import CyberstormAutoSchemaMixin
from thunderstore.markdown.templatetags.markdownify import render_markdown
Expand All @@ -20,6 +21,7 @@ class PackageVersionReadmeAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView):
If no version number is provided, the latest version is used.
"""

permission_classes = [AllowAny]
serializer_class = CyberstormMarkdownResponseSerializer

def get_object(self):
Expand All @@ -39,6 +41,7 @@ class PackageVersionChangelogAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView)
If no version number is provided, the latest version is used.
"""

permission_classes = [AllowAny]
serializer_class = CyberstormMarkdownResponseSerializer

def get_object(self):
Expand Down
2 changes: 2 additions & 0 deletions django/thunderstore/api/cyberstorm/views/package_listing.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
)
from rest_framework import serializers
from rest_framework.generics import RetrieveAPIView, get_object_or_404
from rest_framework.permissions import AllowAny

from thunderstore.api.cyberstorm.serializers import (
CyberstormPackageCategorySerializer,
Expand Down Expand Up @@ -114,6 +115,7 @@ class ResponseSerializer(serializers.Serializer):


class PackageListingAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView):
permission_classes = [AllowAny]
serializer_class = ResponseSerializer

def get_object(self):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
from rest_framework import serializers
from rest_framework.generics import ListAPIView, get_object_or_404
from rest_framework.pagination import PageNumberPagination
from rest_framework.permissions import AllowAny

from thunderstore.api.cyberstorm.serializers import CyberstormPackagePreviewSerializer
from thunderstore.api.utils import conditional_swagger_auto_schema
Expand Down Expand Up @@ -105,6 +106,7 @@ class BasePackageListAPIView(ListAPIView):
methods, whereas the rest are overwritten methods from ListAPIView.
"""

permission_classes = [AllowAny]
pagination_class = PackageListPaginator
serializer_class = CyberstormPackagePreviewSerializer
viewname: str = "" # Define in subclass
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from rest_framework import serializers
from rest_framework.generics import ListAPIView, get_object_or_404
from rest_framework.permissions import AllowAny

from thunderstore.api.utils import CyberstormAutoSchemaMixin
from thunderstore.repository.models import Package
Expand All @@ -18,6 +19,7 @@ class PackageVersionListAPIView(CyberstormAutoSchemaMixin, ListAPIView):
Return a list of available versions of the package.
"""

permission_classes = [AllowAny]
serializer_class = CyberstormPackageVersionSerializer

def get_queryset(self):
Expand Down
8 changes: 3 additions & 5 deletions django/thunderstore/api/cyberstorm/views/team.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
from rest_framework import serializers
from rest_framework.exceptions import PermissionDenied, ValidationError
from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404
from rest_framework.permissions import IsAuthenticated
from rest_framework.permissions import AllowAny
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.views import APIView
Expand All @@ -23,6 +23,7 @@


class TeamAPIView(CyberstormAutoSchemaMixin, RetrieveAPIView):
permission_classes = [AllowAny]
serializer_class = CyberstormTeamSerializer
queryset = Team.objects.exclude(is_active=False)
lookup_field = "name__iexact"
Expand All @@ -34,8 +35,6 @@ class TeamRestrictedAPIView(ListAPIView):
Ensure the user is a member of the Team.
"""

permission_classes = [IsAuthenticated]

def check_permissions(self, request: Request) -> None:
super().check_permissions(request)

Expand All @@ -47,6 +46,7 @@ def check_permissions(self, request: Request) -> None:


class TeamMemberListAPIView(CyberstormAutoSchemaMixin, TeamRestrictedAPIView):
permission_classes = [AllowAny]
serializer_class = CyberstormTeamMemberSerializer
filter_backends = [StrictOrderingFilter]
ordering = ["-role", "user__username"]
Expand All @@ -73,8 +73,6 @@ class CyberstormTeamAddMemberResponseSerialiazer(serializers.Serializer):


class TeamMemberAddAPIView(APIView):
permission_classes = [IsAuthenticated]

@conditional_swagger_auto_schema(
request_body=CyberstormTeamAddMemberRequestSerialiazer,
responses={200: CyberstormTeamAddMemberResponseSerialiazer},
Expand Down

0 comments on commit 738b056

Please sign in to comment.