From 0295268f7cd65593a259a7a00b83eac8ae876c33 Mon Sep 17 00:00:00 2001 From: Jorge Date: Thu, 4 Nov 2021 22:09:31 -0400 Subject: [PATCH] Make the list of collaborators accessible to unauthenticated users as a read-only list --- store_backend/plugins/tests/test_views.py | 8 -------- store_backend/plugins/views.py | 5 ++--- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/store_backend/plugins/tests/test_views.py b/store_backend/plugins/tests/test_views.py index 985df7c..8ffe8bd 100755 --- a/store_backend/plugins/tests/test_views.py +++ b/store_backend/plugins/tests/test_views.py @@ -316,10 +316,6 @@ def test_plugin_meta_collaborator_list_success_authenticated(self): self.assertContains(response, self.username) self.assertNotContains(response, 'bob') - def test_plugin_meta_collaborator_list_failure_unauthenticated(self): - response = self.client.get(self.create_read_url) - self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) - class PluginMetaCollaboratorDetailViewTests(ViewTests): """ @@ -343,10 +339,6 @@ def test_plugin_meta_collaborator_detail_success_authenticated(self): response = self.client.get(self.read_update_delete_url) self.assertContains(response, self.plugin_name) - def test_plugin_meta_collaborator_detail__failure_unauthenticated(self): - response = self.client.get(self.read_update_delete_url) - self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) - def test_plugin_meta_collaborator_update_success(self): meta = PluginMeta.objects.get(name=self.plugin_name) user = User.objects.get(username='another') diff --git a/store_backend/plugins/views.py b/store_backend/plugins/views.py index 1ca0200..a006ed0 100755 --- a/store_backend/plugins/views.py +++ b/store_backend/plugins/views.py @@ -184,7 +184,7 @@ class PluginMetaCollaboratorList(generics.ListCreateAPIView): http_method_names = ['get', 'post'] queryset = PluginMeta.objects.all() serializer_class = PluginMetaCollaboratorSerializer - permission_classes = (permissions.IsAuthenticated, IsMetaOwnerOrReadOnly,) + permission_classes = (IsMetaOwnerOrReadOnly,) def get_plugin_meta_collaborators_queryset(self): """ @@ -225,8 +225,7 @@ class PluginMetaCollaboratorDetail(generics.RetrieveUpdateDestroyAPIView): http_method_names = ['get', 'put', 'delete'] queryset = PluginMetaCollaborator.objects.all() serializer_class = PluginMetaCollaboratorSerializer - permission_classes = (permissions.IsAuthenticated, - IsObjMetaOwnerAndNotUserOrReadOnly,) + permission_classes = (IsObjMetaOwnerAndNotUserOrReadOnly,) def retrieve(self, request, *args, **kwargs): """