From cf8aad60c873acaf8ed791cca92bac3b059d448d Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Mon, 8 Apr 2024 19:58:04 -0400
Subject: [PATCH] =?UTF-8?q?refactor:=20remove=20DisabledObjectPermissionCh?=
=?UTF-8?q?eckMixin=20since=20it=E2=80=99s=20no=20longer=20used?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
program/utils.py | 19 -------------------
program/views.py | 13 ++-----------
2 files changed, 2 insertions(+), 30 deletions(-)
diff --git a/program/utils.py b/program/utils.py
index 91c5191c..cebde541 100644
--- a/program/utils.py
+++ b/program/utils.py
@@ -128,25 +128,6 @@ def delete_links(instance: Union["Host", "Note", "Show"]) -> Union["Host", "Note
return instance
-class DisabledObjectPermissionCheckMixin:
- """
- At the time of writing permission checks were entirely circumvented by manual
- queries in viewsets. To make code refactoring easier and allow
- the paced introduction of .get_object() in viewsets, object permission checks
- need to be disabled until permission checks have been refactored as well.
-
- Object permissions checks should become mandatory once proper permission_classes
- are assigned to viewsets. This mixin should be removed afterwards.
- """
-
- # The text above becomes the viewset’s doc string otherwise and is displayed in
- # the generated OpenAPI schema.
- __doc__ = None
-
- def check_object_permissions(self, request, obj):
- pass
-
-
class NestedObjectFinderMixin:
ROUTE_FILTER_LOOKUPS = {}
diff --git a/program/views.py b/program/views.py
index 0760d4be..772cdf57 100644
--- a/program/views.py
+++ b/program/views.py
@@ -80,12 +80,7 @@ from program.serializers import (
UserSerializer,
)
from program.services import get_timerange_timeslots, resolve_conflicts
-from program.utils import (
- DisabledObjectPermissionCheckMixin,
- NestedObjectFinderMixin,
- get_values,
- parse_date,
-)
+from program.utils import NestedObjectFinderMixin, get_values, parse_date
logger = logging.getLogger(__name__)
@@ -252,7 +247,6 @@ def json_playout(request):
),
)
class APIUserViewSet(
- DisabledObjectPermissionCheckMixin,
mixins.CreateModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
@@ -362,7 +356,7 @@ class APIImageViewSet(viewsets.ModelViewSet):
destroy=extend_schema(summary="Delete an existing show."),
list=extend_schema(summary="List all shows."),
)
-class APIShowViewSet(DisabledObjectPermissionCheckMixin, viewsets.ModelViewSet):
+class APIShowViewSet(viewsets.ModelViewSet):
queryset = Show.objects.all()
serializer_class = ShowSerializer
pagination_class = LimitOffsetPagination
@@ -521,7 +515,6 @@ class APIRRuleViewSet(viewsets.ModelViewSet):
list=extend_schema(summary="List all schedules."),
)
class APIScheduleViewSet(
- DisabledObjectPermissionCheckMixin,
NestedObjectFinderMixin,
viewsets.ModelViewSet,
):
@@ -655,7 +648,6 @@ class APIScheduleViewSet(
),
)
class APITimeSlotViewSet(
- DisabledObjectPermissionCheckMixin,
NestedObjectFinderMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
@@ -705,7 +697,6 @@ class APITimeSlotViewSet(
list=extend_schema(summary="List all notes."),
)
class APINoteViewSet(
- DisabledObjectPermissionCheckMixin,
NestedObjectFinderMixin,
viewsets.ModelViewSet,
):
--
GitLab