diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py index 21b8a0ead1..75f6f58993 100644 --- a/InvenTree/InvenTree/settings.py +++ b/InvenTree/InvenTree/settings.py @@ -231,6 +231,10 @@ REST_FRAMEWORK = { 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', ), + 'DEFAULT_PERMISSION_CLASSES': ( + 'rest_framework.permissions.IsAuthenticated', + 'rest_framework.permissions.DjangoModelPermissions', + ), 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema' } diff --git a/InvenTree/build/api.py b/InvenTree/build/api.py index c0faee6c15..d4e458c506 100644 --- a/InvenTree/build/api.py +++ b/InvenTree/build/api.py @@ -7,7 +7,7 @@ from __future__ import unicode_literals from django_filters.rest_framework import DjangoFilterBackend from rest_framework import filters -from rest_framework import generics, permissions +from rest_framework import generics from django.conf.urls import url, include @@ -28,10 +28,6 @@ class BuildList(generics.ListCreateAPIView): queryset = Build.objects.all() serializer_class = BuildSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -99,10 +95,6 @@ class BuildDetail(generics.RetrieveUpdateAPIView): queryset = Build.objects.all() serializer_class = BuildSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - class BuildItemList(generics.ListCreateAPIView): """ API endpoint for accessing a list of BuildItem objects @@ -137,10 +129,6 @@ class BuildItemList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, ] diff --git a/InvenTree/company/api.py b/InvenTree/company/api.py index 0e54d7d7fb..548ac96016 100644 --- a/InvenTree/company/api.py +++ b/InvenTree/company/api.py @@ -7,7 +7,7 @@ from __future__ import unicode_literals from django_filters.rest_framework import DjangoFilterBackend from rest_framework import filters -from rest_framework import generics, permissions +from rest_framework import generics from django.conf.urls import url, include from django.db.models import Q @@ -40,10 +40,6 @@ class CompanyList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -82,10 +78,6 @@ class CompanyDetail(generics.RetrieveUpdateDestroyAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - class SupplierPartList(generics.ListCreateAPIView): """ API endpoint for list view of SupplierPart object @@ -170,10 +162,6 @@ class SupplierPartList(generics.ListCreateAPIView): serializer_class = SupplierPartSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -202,7 +190,6 @@ class SupplierPartDetail(generics.RetrieveUpdateDestroyAPIView): queryset = SupplierPart.objects.all() serializer_class = SupplierPartSerializer - permission_classes = (permissions.IsAuthenticated,) read_only_fields = [ ] @@ -218,10 +205,6 @@ class SupplierPriceBreakList(generics.ListCreateAPIView): queryset = SupplierPriceBreak.objects.all() serializer_class = SupplierPriceBreakSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, ] diff --git a/InvenTree/order/api.py b/InvenTree/order/api.py index a7915878c5..4a9dbfa2ac 100644 --- a/InvenTree/order/api.py +++ b/InvenTree/order/api.py @@ -6,7 +6,7 @@ JSON API for the Order app from __future__ import unicode_literals from django_filters.rest_framework import DjangoFilterBackend -from rest_framework import generics, permissions +from rest_framework import generics from rest_framework import filters from django.conf.urls import url, include @@ -109,10 +109,6 @@ class POList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -162,10 +158,6 @@ class PODetail(generics.RetrieveUpdateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated - ] - class POLineItemList(generics.ListCreateAPIView): """ API endpoint for accessing a list of POLineItem objects @@ -188,10 +180,6 @@ class POLineItemList(generics.ListCreateAPIView): return self.serializer_class(*args, **kwargs) - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, ] @@ -208,10 +196,6 @@ class POLineItemDetail(generics.RetrieveUpdateAPIView): queryset = PurchaseOrderLineItem serializer_class = POLineItemSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - class SOAttachmentList(generics.ListCreateAPIView, AttachmentMixin): """ @@ -300,10 +284,6 @@ class SOList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -351,8 +331,6 @@ class SODetail(generics.RetrieveUpdateAPIView): return queryset - permission_classes = [permissions.IsAuthenticated] - class SOLineItemList(generics.ListCreateAPIView): """ @@ -398,8 +376,6 @@ class SOLineItemList(generics.ListCreateAPIView): return queryset - permission_classes = [permissions.IsAuthenticated] - filter_backends = [DjangoFilterBackend] filter_fields = [ @@ -414,8 +390,6 @@ class SOLineItemDetail(generics.RetrieveUpdateAPIView): queryset = SalesOrderLineItem.objects.all() serializer_class = SOLineItemSerializer - permission_classes = [permissions.IsAuthenticated] - class POAttachmentList(generics.ListCreateAPIView, AttachmentMixin): """ diff --git a/InvenTree/part/api.py b/InvenTree/part/api.py index 6834503466..d4aeec5bd9 100644 --- a/InvenTree/part/api.py +++ b/InvenTree/part/api.py @@ -55,10 +55,6 @@ class CategoryList(generics.ListCreateAPIView): queryset = PartCategory.objects.all() serializer_class = part_serializers.CategorySerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - def get_queryset(self): """ Custom filtering: @@ -119,10 +115,6 @@ class PartSalePriceList(generics.ListCreateAPIView): queryset = PartSellPriceBreak.objects.all() serializer_class = part_serializers.PartSalePriceSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend ] @@ -182,8 +174,6 @@ class PartTestTemplateList(generics.ListCreateAPIView): return queryset - permission_classes = [permissions.IsAuthenticated] - filter_backends = [ DjangoFilterBackend, filters.OrderingFilter, @@ -221,10 +211,6 @@ class PartThumbsUpdate(generics.RetrieveUpdateAPIView): queryset = Part.objects.all() serializer_class = part_serializers.PartThumbSerializerUpdate - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend ] @@ -246,10 +232,6 @@ class PartDetail(generics.RetrieveUpdateDestroyAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - def get_serializer(self, *args, **kwargs): try: @@ -580,10 +562,6 @@ class PartList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -676,10 +654,6 @@ class PartParameterTemplateList(generics.ListCreateAPIView): queryset = PartParameterTemplate.objects.all() serializer_class = part_serializers.PartParameterTemplateSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ filters.OrderingFilter, ] @@ -699,10 +673,6 @@ class PartParameterList(generics.ListCreateAPIView): queryset = PartParameter.objects.all() serializer_class = part_serializers.PartParameterSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend ] @@ -796,10 +766,6 @@ class BomList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -816,10 +782,6 @@ class BomDetail(generics.RetrieveUpdateDestroyAPIView): queryset = BomItem.objects.all() serializer_class = part_serializers.BomItemSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - class BomItemValidate(generics.UpdateAPIView): """ API endpoint for validating a BomItem """ diff --git a/InvenTree/stock/api.py b/InvenTree/stock/api.py index 55bc62a44e..790de7d879 100644 --- a/InvenTree/stock/api.py +++ b/InvenTree/stock/api.py @@ -68,7 +68,6 @@ class StockDetail(generics.RetrieveUpdateDestroyAPIView): queryset = StockItem.objects.all() serializer_class = StockItemSerializer - permission_classes = (permissions.IsAuthenticated,) def get_queryset(self, *args, **kwargs): @@ -289,10 +288,6 @@ class StockLocationList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -695,10 +690,6 @@ class StockList(generics.ListCreateAPIView): return queryset - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -744,10 +735,6 @@ class StockItemTestResultList(generics.ListCreateAPIView): queryset = StockItemTestResult.objects.all() serializer_class = StockItemTestResultSerializer - permission_classes = [ - permissions.IsAuthenticated, - ] - filter_backends = [ DjangoFilterBackend, filters.SearchFilter, @@ -799,7 +786,6 @@ class StockTrackingList(generics.ListCreateAPIView): queryset = StockItemTracking.objects.all() serializer_class = StockTrackingSerializer - permission_classes = [permissions.IsAuthenticated] def get_serializer(self, *args, **kwargs): try: @@ -871,7 +857,6 @@ class LocationDetail(generics.RetrieveUpdateDestroyAPIView): queryset = StockLocation.objects.all() serializer_class = LocationSerializer - permission_classes = (permissions.IsAuthenticated,) stock_endpoints = [