do not check permissions in api v1 as they are checked by nginx already

This commit is contained in:
j3d1 2023-11-20 06:46:43 +01:00
parent 7369db8512
commit dedf98a12e
2 changed files with 14 additions and 2 deletions

View file

@ -1,10 +1,12 @@
from rest_framework.decorators import api_view from rest_framework.decorators import api_view, permission_classes, authentication_classes
from rest_framework.response import Response from rest_framework.response import Response
from .settings import SYSTEM3_VERSION from .settings import SYSTEM3_VERSION
@api_view(['GET']) @api_view(['GET'])
@permission_classes([])
@authentication_classes([])
def get_info(request): def get_info(request):
return Response({ return Response({
"framework_version": SYSTEM3_VERSION, "framework_version": SYSTEM3_VERSION,

View file

@ -2,7 +2,7 @@ from datetime import datetime
from django.urls import path from django.urls import path
from rest_framework import routers, viewsets, serializers from rest_framework import routers, viewsets, serializers
from rest_framework.decorators import api_view from rest_framework.decorators import api_view, permission_classes, authentication_classes
from rest_framework.response import Response from rest_framework.response import Response
from files.models import File from files.models import File
@ -19,6 +19,8 @@ class EventSerializer(serializers.ModelSerializer):
class EventViewSet(viewsets.ModelViewSet): class EventViewSet(viewsets.ModelViewSet):
serializer_class = EventSerializer serializer_class = EventSerializer
queryset = Event.objects.all() queryset = Event.objects.all()
permission_classes = []
authentication_classes = []
class ContainerSerializer(serializers.ModelSerializer): class ContainerSerializer(serializers.ModelSerializer):
@ -36,6 +38,8 @@ class ContainerSerializer(serializers.ModelSerializer):
class ContainerViewSet(viewsets.ModelViewSet): class ContainerViewSet(viewsets.ModelViewSet):
serializer_class = ContainerSerializer serializer_class = ContainerSerializer
queryset = Container.objects.all() queryset = Container.objects.all()
permission_classes = []
authentication_classes = []
class ItemSerializer(serializers.ModelSerializer): class ItemSerializer(serializers.ModelSerializer):
@ -89,6 +93,8 @@ class ItemSerializer(serializers.ModelSerializer):
@api_view(['GET']) @api_view(['GET'])
@permission_classes([])
@authentication_classes([])
def search_items(request, event_slug, query): def search_items(request, event_slug, query):
event = Event.objects.get(slug=event_slug) event = Event.objects.get(slug=event_slug)
query_tokens = query.split(' ') query_tokens = query.split(' ')
@ -100,6 +106,8 @@ def search_items(request, event_slug, query):
@api_view(['GET', 'POST']) @api_view(['GET', 'POST'])
@permission_classes([])
@authentication_classes([])
def item(request, event_slug): def item(request, event_slug):
event = Event.objects.get(slug=event_slug) event = Event.objects.get(slug=event_slug)
if request.method == 'GET': if request.method == 'GET':
@ -112,6 +120,8 @@ def item(request, event_slug):
@api_view(['GET', 'PUT', 'DELETE']) @api_view(['GET', 'PUT', 'DELETE'])
@permission_classes([])
@authentication_classes([])
def item_by_id(request, event_slug, id): def item_by_id(request, event_slug, id):
try: try:
event = Event.objects.get(slug=event_slug) event = Event.objects.get(slug=event_slug)