Enforce authentication for API access

2024-08-30 18:33:04 +00:00 · 2019-07-08 19:20:00 +10:00 · 2019-07-08 19:20:00 +10:00 · 20ec36d3ea
commit 20ec36d3ea
parent 16e1be61f5
5 changed files with 24 additions and 24 deletions
--- a/InvenTree/build/api.py
+++ b/InvenTree/build/api.py
@ -26,7 +26,7 @@ class BuildList(generics.ListCreateAPIView):
    serializer_class = BuildSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -47,7 +47,7 @@ class BuildDetail(generics.RetrieveUpdateAPIView):
    serializer_class = BuildSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]


@ -80,7 +80,7 @@ class BuildItemList(generics.ListCreateAPIView):
        return query

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
--- a/InvenTree/company/api.py
+++ b/InvenTree/company/api.py
@ -32,7 +32,7 @@ class CompanyList(generics.ListCreateAPIView):
    serializer_class = CompanySerializer
    queryset = Company.objects.all()
    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -66,7 +66,7 @@ class CompanyDetail(generics.RetrieveUpdateDestroyAPIView):
    serializer_class = CompanySerializer
    
    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]


@ -102,7 +102,7 @@ class SupplierPartList(generics.ListCreateAPIView):
    serializer_class = SupplierPartSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -135,7 +135,7 @@ class SupplierPartDetail(generics.RetrieveUpdateDestroyAPIView):

    queryset = SupplierPart.objects.all()
    serializer_class = SupplierPartSerializer
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.IsAuthenticated,)

    read_only_fields = [
    ]
@ -152,7 +152,7 @@ class SupplierPriceBreakList(generics.ListCreateAPIView):
    serializer_class = SupplierPriceBreakSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
--- a/InvenTree/part/api.py
+++ b/InvenTree/part/api.py
@ -54,7 +54,7 @@ class CategoryList(generics.ListCreateAPIView):
    serializer_class = CategorySerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -91,7 +91,7 @@ class PartDetail(generics.RetrieveUpdateAPIView):
    serializer_class = PartSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]


@ -178,7 +178,7 @@ class PartList(generics.ListCreateAPIView):
        return parts_list

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -243,7 +243,7 @@ class PartStarList(generics.ListCreateAPIView):
        return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -292,7 +292,7 @@ class BomList(generics.ListCreateAPIView):
        return queryset

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -314,7 +314,7 @@ class BomDetail(generics.RetrieveUpdateDestroyAPIView):
    serializer_class = BomItemSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]


--- a/InvenTree/stock/api.py
+++ b/InvenTree/stock/api.py
@ -57,7 +57,7 @@ class StockDetail(generics.RetrieveUpdateDestroyAPIView):

    queryset = StockItem.objects.all()
    serializer_class = StockItemSerializer
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.IsAuthenticated,)


 class StockFilter(FilterSet):
@ -83,7 +83,7 @@ class StockStocktake(APIView):
    """

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    def post(self, request, *args, **kwargs):
@ -153,7 +153,7 @@ class StockMove(APIView):
    """ API endpoint for performing stock movements """

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    def post(self, request, *args, **kwargs):
@ -227,7 +227,7 @@ class StockLocationList(generics.ListCreateAPIView):
    serializer_class = LocationSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -390,7 +390,7 @@ class StockList(generics.ListCreateAPIView):
    serializer_class = StockItemSerializer

    permission_classes = [
-        permissions.IsAuthenticatedOrReadOnly,
+        permissions.IsAuthenticated,
    ]

    filter_backends = [
@ -412,7 +412,7 @@ class StockStocktakeEndpoint(generics.UpdateAPIView):

    queryset = StockItem.objects.all()
    serializer_class = StockQuantitySerializer
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.IsAuthenticated,)

    def update(self, request, *args, **kwargs):
        object = self.get_object()
@ -434,7 +434,7 @@ class StockTrackingList(generics.ListCreateAPIView):

    queryset = StockItemTracking.objects.all()
    serializer_class = StockTrackingSerializer
-    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
+    permission_classes = [permissions.IsAuthenticated]

    filter_backends = [
        DjangoFilterBackend,
@ -469,7 +469,7 @@ class LocationDetail(generics.RetrieveUpdateDestroyAPIView):

    queryset = StockLocation.objects.all()
    serializer_class = LocationSerializer
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.IsAuthenticated,)


 stock_endpoints = [
--- a/InvenTree/users/views.py
+++ b/InvenTree/users/views.py
@ -12,7 +12,7 @@ class UserDetail(generics.RetrieveAPIView):

    queryset = User.objects.all()
    serializer_class = UserSerializer
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.IsAuthenticated,)


 class UserList(generics.ListAPIView):
@ -20,7 +20,7 @@ class UserList(generics.ListAPIView):

    queryset = User.objects.all()
    serializer_class = UserSerializer
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (permissions.IsAuthenticated,)


 class GetAuthToken(ObtainAuthToken):