Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dataviews endpoint should not require auth for public dataviews. #902

Merged
merged 2 commits into from
Feb 15, 2017
Merged

Dataviews endpoint should not require auth for public dataviews. #902

merged 2 commits into from
Feb 15, 2017

Conversation

urbanslug
Copy link
Contributor

The dataviews endpoint should not require auth for public dataviews,
api/v1/dataviews/<public-dataview-id>, filtered by the dataview id but should require auth for a request for all dataviews, api/v1/dataviews.

closes #891

@denniswambua denniswambua changed the title Dataviews endpoint should not require auth for public dataviews. [WIP]Dataviews endpoint should not require auth for public dataviews. Feb 8, 2017
@urbanslug urbanslug force-pushed the 891-public-dataviews-require-auth branch 2 times, most recently from 90d9ee8 to d29be25 Compare February 9, 2017 11:14
@urbanslug urbanslug changed the title [WIP]Dataviews endpoint should not require auth for public dataviews. Dataviews endpoint should not require auth for public dataviews. Feb 10, 2017
@pld pld requested a review from denniswambua February 10, 2017 14:37
@urbanslug
Dataviews endpoint should not require auth for public dataviews.
c304954 
The dataviews endpoint should not require auth for public dataviews,
`api/v1/dataviews/<public-dataview-id>`, filtered by the dataview id
but should require auth for a request for all dataviews,
`api/v1/dataviews`.

Signed-off-by: Njagi Mwaniki <[email protected]>
@urbanslug urbanslug force-pushed the 891-public-dataviews-require-auth branch from d29be25 to f695509 Compare February 13, 2017 08:50
denniswambua
denniswambua suggested changes Feb 13, 2017
View reviewed changes
onadata/apps/api/permissions.py
# To allow individual public dataviews to be visible on
# `api/v1/dataviews/<pk>` but stop retreival of all dataviews when
# the dataviews endpoint is queried `api/v1/dataviews`
return not (request.user.is_anonymous() and view.action == 'list')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the unnecessary parenthesis.

@urbanslug
Copy link
Contributor Author

@denniswambua Done.

@urbanslug urbanslug force-pushed the 891-public-dataviews-require-auth branch from 5279e48 to f695509 Compare February 14, 2017 06:02
@urbanslug
Test: GET on a specific public dataview always returns 200.
a4d469b 
- A GET request for *all* dataviews for unauthenticated users returns a 404.
- A GET request for *all* dataviews for authenticated users checks whether they
have the required permissions.
- A GET request for *a specific* public dataview *always* returns a 200.
- A GET request for *a specific* private dataview from unauthenticated users should
return a 404 but from authenticated users should check whether they have the
required permissions.

Signed-off-by: Njagi Mwaniki <[email protected]>
@urbanslug urbanslug force-pushed the 891-public-dataviews-require-auth branch from f695509 to a4d469b Compare February 14, 2017 06:32
@denniswambua denniswambua merged commit 7ee101e into master Feb 15, 2017
@denniswambua denniswambua deleted the 891-public-dataviews-require-auth branch February 15, 2017 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@denniswambua denniswambua denniswambua approved these changes

Assignees

@urbanslug urbanslug

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Public filtered datasets require auth.
2 participants
@urbanslug @denniswambua