From ebe4e913d300b72ed626d2284cee5274729ba66f Mon Sep 17 00:00:00 2001 From: Bojan Mihelac Date: Wed, 5 Jan 2022 12:21:43 +0100 Subject: [PATCH 1/2] Fix default REST_FRAMEWORK permission classes could break api views --- wagtail_localize/test/settings.py | 9 +++++++++ wagtail_localize/views/edit_translation.py | 5 ++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/wagtail_localize/test/settings.py b/wagtail_localize/test/settings.py index 082a0e0b..a08ba51b 100644 --- a/wagtail_localize/test/settings.py +++ b/wagtail_localize/test/settings.py @@ -179,3 +179,12 @@ DEFAULT_AUTO_FIELD = "django.db.models.AutoField" + + +# wagtail localize should not use DEFAULT_PERMISSION_CLASSES +# see: https://github.com/wagtail/wagtail-localize/issues/499 +REST_FRAMEWORK = { + "DEFAULT_PERMISSION_CLASSES": [ + "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly" + ], +} diff --git a/wagtail_localize/views/edit_translation.py b/wagtail_localize/views/edit_translation.py index 1b8a83f6..5ded138d 100644 --- a/wagtail_localize/views/edit_translation.py +++ b/wagtail_localize/views/edit_translation.py @@ -19,7 +19,8 @@ from django.views.decorators.http import require_POST from modelcluster.fields import ParentalKey from rest_framework import serializers, status -from rest_framework.decorators import api_view +from rest_framework.decorators import api_view, permission_classes +from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from wagtail.admin import messages from wagtail.admin.edit_handlers import ( @@ -984,6 +985,7 @@ def restart_translation(request, translation, instance): @api_view(["PUT", "DELETE"]) +@permission_classes([IsAuthenticated]) def edit_string_translation(request, translation_id, string_segment_id): translation = get_object_or_404(Translation, id=translation_id) string_segment = get_object_or_404(StringSegment, id=string_segment_id) 
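Review bot: The comment above the new `REST_FRAMEWORK` block in `test/settings.py` reads as if the setting itself were unwanted, while the block is there on purpose to reproduce issue #499 in the test suite. I would reword it to say so, for example `# Restrictive project-wide default on purpose: wagtail-localize API views must declare their own permission classes and keep working under it.` The issue link can stay as it is.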
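Review bot: `@permission_classes([IsAuthenticated])` on `edit_string_translation` (and the same line added to `edit_override` in the next hunk) pins only the permission side; the authentication classes still come from the host project's `DEFAULT_AUTHENTICATION_CLASSES`. A project that configures only token authentication would, as far as I can tell, leave the admin's session user unauthenticated here, and the view would be rejected again. Consider pinning that as well with `@authentication_classes([SessionAuthentication])`, which also keeps DRF's CSRF check on these PUT/DELETE endpoints. `IsAuthenticated` admits any logged-in account, so the per-translation permission check has to stay in the function body, which continues outside the hunk; a one-line comment above the decorator saying so would help.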
@@ -1041,6 +1043,7 @@ def edit_string_translation(request, translation_id, string_segment_id): @api_view(["PUT", "DELETE"]) +@permission_classes([IsAuthenticated]) def edit_override(request, translation_id, overridable_segment_id): translation = get_object_or_404(Translation, id=translation_id) overridable_segment = get_object_or_404( From d6ec08bc51602c2a0e896462348c77fadaebad2e Mon Sep 17 00:00:00 2001 From: Bojan Mihelac Date: Wed, 5 Jan 2022 13:00:03 +0100 Subject: [PATCH 2/2] non working - try to override_settings DEFAULT_PERMISSION_CLASSES --- wagtail_localize/test/settings.py | 10 +++++----- wagtail_localize/tests/test_edit_translation.py | 9 ++++++++- wagtail_localize/views/edit_translation.py | 2 +- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/wagtail_localize/test/settings.py b/wagtail_localize/test/settings.py index a08ba51b..a9135ca5 100644 --- a/wagtail_localize/test/settings.py +++ b/wagtail_localize/test/settings.py @@ -183,8 +183,8 @@ # wagtail localize should not use DEFAULT_PERMISSION_CLASSES # see: https://github.com/wagtail/wagtail-localize/issues/499 -REST_FRAMEWORK = { - "DEFAULT_PERMISSION_CLASSES": [ - "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly" - ], -} +# REST_FRAMEWORK = { + # "DEFAULT_PERMISSION_CLASSES": [ + # "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly" + # ], +# } diff --git a/wagtail_localize/tests/test_edit_translation.py b/wagtail_localize/tests/test_edit_translation.py index 6b44a7ee..f3219cf9 100644 --- a/wagtail_localize/tests/test_edit_translation.py +++ b/wagtail_localize/tests/test_edit_translation.py 
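Review bot: Commenting out the `REST_FRAMEWORK` block in `test/settings.py` removes the restrictive default from the test settings, so the existing API tests no longer run under the configuration that triggered issue #499. Keeping the block active looks like the simplest regression test, since the views appear to read the default when they are imported. If it is really not wanted, delete the lines rather than leaving commented-out code with uneven indentation.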
@@ -11,7 +11,7 @@ from django.contrib.contenttypes.models import ContentType from django.contrib.messages import get_messages from django.core.files.uploadedfile import SimpleUploadedFile -from django.test import TestCase +from django.test import TestCase, override_settings from django.urls import reverse from django.utils import timezone from django.utils.translation import gettext_lazy @@ -2226,6 +2226,13 @@ def test_cant_edit_overrides_without_page_perms(self): self.assertEqual(response.status_code, 403) + def test_update_override_with_default_permissions_classes(self): + with override_settings(REST_FRAMEWORK={'DEFAULT_PERMISSION_CLASSES': ["rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly"]}): + from wagtail_localize.views.edit_translation import edit_override + from rest_framework.permissions import DjangoModelPermissionsOrAnonReadOnly + print(edit_override.view_class.permission_classes) + assert edit_override.view_class.permission_classes == [DjangoModelPermissionsOrAnonReadOnly] + class TestDownloadPOFileView(EditTranslationTestData, TestCase): def test_download_pofile_page(self): diff --git a/wagtail_localize/views/edit_translation.py b/wagtail_localize/views/edit_translation.py index 5ded138d..92717e7f 100644 --- a/wagtail_localize/views/edit_translation.py +++ b/wagtail_localize/views/edit_translation.py @@ -1043,7 +1043,7 @@ def edit_string_translation(request, translation_id, string_segment_id): @api_view(["PUT", "DELETE"]) -@permission_classes([IsAuthenticated]) +# @permission_classes([IsAuthenticated]) def edit_override(request, translation_id, overridable_segment_id): translation = get_object_or_404(Translation, id=translation_id) overridable_segment = get_object_or_404(
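Review bot: `test_update_override_with_default_permissions_classes` asserts that `edit_override` picks up the project default, which is the opposite of what the fix is meant to guarantee. `override_settings` also cannot influence it: as far as I know `api_view` copies the permission classes onto `view_class` when the module is imported, before the test body runs. I would drive the endpoint through the test client as a logged-in editor, with the restrictive default set in the settings file, and check `self.assertEqual(response.status_code, 200)`. The `print(...)` call and the bare `assert` should go in any case, and the two imports belong at module top.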
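Review bot: Commenting out `@permission_classes([IsAuthenticated])` leaves `edit_override` on the host project's `DEFAULT_PERMISSION_CLASSES` while `edit_string_translation` keeps its explicit class, so the two sibling endpoints are gated differently. With a permissive default such as `AllowAny`, the DRF layer no longer rejects anonymous PUT/DELETE requests and access control depends entirely on the checks inside the body, which continues outside the hunk. Restore the line as `@permission_classes([IsAuthenticated])` before merging, or remove the commented-out decorator entirely if another mechanism replaces it.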