wagtail · bmihelac · Jan 5, 2022 · Jan 5, 2022
diff --git a/wagtail_localize/test/settings.py b/wagtail_localize/test/settings.py
@@ -179,3 +179,12 @@
 
 
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
+
+
+# wagtail localize should not use DEFAULT_PERMISSION_CLASSES
+# see: https://github.com/wagtail/wagtail-localize/issues/499
+# REST_FRAMEWORK = {
+    # "DEFAULT_PERMISSION_CLASSES": [
+        # "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly"
+    # ],
+# }
diff --git a/wagtail_localize/tests/test_edit_translation.py b/wagtail_localize/tests/test_edit_translation.py
@@ -11,7 +11,7 @@
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.messages import get_messages
 from django.core.files.uploadedfile import SimpleUploadedFile
-from django.test import TestCase
+from django.test import TestCase, override_settings
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.translation import gettext_lazy
@@ -2226,6 +2226,13 @@ def test_cant_edit_overrides_without_page_perms(self):
 
         self.assertEqual(response.status_code, 403)
 
+    def test_update_override_with_default_permissions_classes(self):
+        with override_settings(REST_FRAMEWORK={'DEFAULT_PERMISSION_CLASSES': ["rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly"]}):
+            from wagtail_localize.views.edit_translation import edit_override
+            from rest_framework.permissions import DjangoModelPermissionsOrAnonReadOnly
+            print(edit_override.view_class.permission_classes)
+            assert edit_override.view_class.permission_classes == [DjangoModelPermissionsOrAnonReadOnly]
+
 
 class TestDownloadPOFileView(EditTranslationTestData, TestCase):
     def test_download_pofile_page(self):

diff --git a/wagtail_localize/views/edit_translation.py b/wagtail_localize/views/edit_translation.py
@@ -19,7 +19,8 @@
 from django.views.decorators.http import require_POST
 from modelcluster.fields import ParentalKey
 from rest_framework import serializers, status
-from rest_framework.decorators import api_view
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from wagtail.admin import messages
 from wagtail.admin.edit_handlers import (
@@ -984,6 +985,7 @@ def restart_translation(request, translation, instance):
 
 
 @api_view(["PUT", "DELETE"])
+@permission_classes([IsAuthenticated])
 def edit_string_translation(request, translation_id, string_segment_id):
     translation = get_object_or_404(Translation, id=translation_id)
     string_segment = get_object_or_404(StringSegment, id=string_segment_id)
@@ -1041,6 +1043,7 @@ def edit_string_translation(request, translation_id, string_segment_id):
 
 
 @api_view(["PUT", "DELETE"])
+# @permission_classes([IsAuthenticated])
 def edit_override(request, translation_id, overridable_segment_id):
     translation = get_object_or_404(Translation, id=translation_id)
     overridable_segment = get_object_or_404(