Skip to content
This repository has been archived by the owner on Feb 26, 2024. It is now read-only.

As a privileged bot I can write images via an API #212

Open
cogat opened this issue Mar 14, 2017 · 0 comments
Open

As a privileged bot I can write images via an API #212

cogat opened this issue Mar 14, 2017 · 0 comments
Labels
in progress

Comments

@cogat
Copy link
Contributor

cogat commented Mar 14, 2017

Set up django-rest-framework to allow writing of an Image for privileged users. This is so that middleware inside clients networks can send images to GLAMkit.
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Move default ICEkit API pagination class to central utils
efd1aad 
The default API pagination settings/behaviour will be reused by
multiple API endpoints, so should live in a central location.
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Enable django-rest-framework API endpoints by default in GLAMkit
c15a680
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Add initial read-only images API endpoint
eb67ee2
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Apply sensible default auth and permission settings for APIs
ff20f45 
Authentication:

- Require authentication for any API access, instead of allowing anyone
  to access the APIs which is the behaviour unless you override it

- enable standard Django session authentication for in-browser API
  access via the web UI or AJAX requests

- enable per-user opaque token values for non-browser clients. Tokens
  can be assigned at the Django admin path /admin/authtoken/token/

Permissions:

- apply Django's standard model permissions to API operations.
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Enable writing to the images API now that auth and perms are OK
8e765bf
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Update API permissions to prevent basic access from all users
fb80c7d 
DRF's default API permissions model `DjangoModelPermissions` is
overly permissive IMO because it allows *any* authenticated users
to perform listing (GET), HEAD, and OPTIONS requests, even if that
user has no corresponding permissions to view listings etc in the
Django admin.
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Make image API routes reversible
6aff402
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Add unit tests for new image API
6bcca25
jmurty added a commit that referenced this issue Apr 4, 2017
@jmurty
#212 Re-permit pages API access for anyone
779be42 
Explicitly override the new, more restrictive, default API permissions
applied GLAMkit-wide with `AllowAny` permissions for the existing
pages API. This was the permission model for this API previously.
jmurty added a commit that referenced this issue Apr 7, 2017
@jmurty
#212 Move API apps into central package icekit.api
1dde733 
Move the images and pages API apps into a new single central
`icekit.api` app to simplify the app hierarchy and group
things more sensibly in the codebase.
jmurty added a commit that referenced this issue Apr 7, 2017
@jmurty
#212 Consolidate unit tests for images and pages APIs
d2171a2 
Move all unit tests targeting API endpoints into the new
`icekit.api` app.
jmurty added a commit that referenced this issue Apr 7, 2017
@jmurty
#212 Consolidated API unit tests
01d6f51 
Refactor useful test cases and utility methods into base unit
test class, and update images and pages unit tests to use this
base class.
jmurty added a commit that referenced this issue Apr 7, 2017
@jmurty
#212 Make URL names of API endpoints more explicit and consistent
0075911 
- Images api URLs are now named 'images-api-list', 'images-api-detail'
  (was 'images-list', 'images-detail')
- Pages api URLs are now named 'pages-api-list', 'pages-api-detail'
  (was 'page-list', 'page-detail')
jmurty added a commit that referenced this issue Apr 7, 2017
@jmurty
#212 Add some basic documentation for images API and API refactor
6f647ce
jmurty added a commit that referenced this issue Apr 7, 2017
@jmurty
#212 Relocate token auth admin monkey-patch to ICEkit API app
2626682
@jmurty jmurty removed their assignment Oct 23, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
in progress
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cogat @jmurty