do not check permissions in api v1 as they are checked by nginx already
This commit is contained in:
parent
7369db8512
commit
dedf98a12e
2 changed files with 14 additions and 2 deletions
|
|
@ -1,10 +1,12 @@
|
|||
from rest_framework.decorators import api_view
|
||||
from rest_framework.decorators import api_view, permission_classes, authentication_classes
|
||||
from rest_framework.response import Response
|
||||
|
||||
from .settings import SYSTEM3_VERSION
|
||||
|
||||
|
||||
@api_view(['GET'])
|
||||
@permission_classes([])
|
||||
@authentication_classes([])
|
||||
def get_info(request):
|
||||
return Response({
|
||||
"framework_version": SYSTEM3_VERSION,
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ from datetime import datetime
|
|||
|
||||
from django.urls import path
|
||||
from rest_framework import routers, viewsets, serializers
|
||||
from rest_framework.decorators import api_view
|
||||
from rest_framework.decorators import api_view, permission_classes, authentication_classes
|
||||
from rest_framework.response import Response
|
||||
|
||||
from files.models import File
|
||||
|
|
@ -19,6 +19,8 @@ class EventSerializer(serializers.ModelSerializer):
|
|||
class EventViewSet(viewsets.ModelViewSet):
|
||||
serializer_class = EventSerializer
|
||||
queryset = Event.objects.all()
|
||||
permission_classes = []
|
||||
authentication_classes = []
|
||||
|
||||
|
||||
class ContainerSerializer(serializers.ModelSerializer):
|
||||
|
|
@ -36,6 +38,8 @@ class ContainerSerializer(serializers.ModelSerializer):
|
|||
class ContainerViewSet(viewsets.ModelViewSet):
|
||||
serializer_class = ContainerSerializer
|
||||
queryset = Container.objects.all()
|
||||
permission_classes = []
|
||||
authentication_classes = []
|
||||
|
||||
|
||||
class ItemSerializer(serializers.ModelSerializer):
|
||||
|
|
@ -89,6 +93,8 @@ class ItemSerializer(serializers.ModelSerializer):
|
|||
|
||||
|
||||
@api_view(['GET'])
|
||||
@permission_classes([])
|
||||
@authentication_classes([])
|
||||
def search_items(request, event_slug, query):
|
||||
event = Event.objects.get(slug=event_slug)
|
||||
query_tokens = query.split(' ')
|
||||
|
|
@ -100,6 +106,8 @@ def search_items(request, event_slug, query):
|
|||
|
||||
|
||||
@api_view(['GET', 'POST'])
|
||||
@permission_classes([])
|
||||
@authentication_classes([])
|
||||
def item(request, event_slug):
|
||||
event = Event.objects.get(slug=event_slug)
|
||||
if request.method == 'GET':
|
||||
|
|
@ -112,6 +120,8 @@ def item(request, event_slug):
|
|||
|
||||
|
||||
@api_view(['GET', 'PUT', 'DELETE'])
|
||||
@permission_classes([])
|
||||
@authentication_classes([])
|
||||
def item_by_id(request, event_slug, id):
|
||||
try:
|
||||
event = Event.objects.get(slug=event_slug)
|
||||
|
|
|
|||
Loading…
Reference in a new issue