This repository has been archived by the owner on Jan 11, 2021. It is now read-only.

Add IGNORE_USER_PERMISSIONS setting #705

Closed



@craiga craiga commented Oct 18, 2017

Makes it possible to ignore user permissions when generating a schema.

I have an endpoint which lists search results (/v1/search_results/), but I'm only given access if I specify a search ID on the query string (/v1/search_results/?search=456). My code checks that the logged in user owns search 456 before allowing the user to access this endpoint.

Without this setting, /v1/search_results/ won't appear in the generated documentation.

@craiga craiga changed the title from "Add IGNORE_USER_PERMISSIONS setting." to "Add IGNORE_USER_PERMISSIONS setting" Oct 18, 2017
@nicholasserra

I've also run into this and think it's a great idea. I'm also running into issues where my permissions are causing my swagger docs to 500, as the state is much different when displaying the schema vs actually hitting the API.

I don't think permissions should be necessary when simply mapping out the urls.

+1 !

@nicholasserra

@craiga do you know of a workaround on a per-view basis I could implement in the meantime? Looking like something around custom schemas attached to my views might work?

@craiga
Author

craiga commented Dec 19, 2017

@nicholasserra Sorry, but I don’t. I’ve been using my own branch with this PR included for a while now and it seems to be working fine.

@ghost

ghost commented Oct 19, 2018

Is this going to be merged into master anytime soon? Since I see that the PR is hanging for a couple of months already and we are in need of this to simplify things.

@craiga
Author

craiga commented Oct 19, 2018

@lukzmu I just noticed that Marc posted a call for help to deal with stuff like this, so it might be a while unless someone's able to volunteer to help out.

@ghost

ghost commented Oct 19, 2018

Oh just saw that as well, think we will have to import the PR for now then :)
Hopefully this will be sorted out in the future and hope @marcgibbons will get help :)

@ghost ghost mentioned this pull request Oct 19, 2018

@oneandonlyonebutyou oneandonlyonebutyou left a comment


Looks good

@oneandonlyonebutyou

Could someone please approve this to push this forward?

I would really appreciate it.

@BenjaminHabert

I just tested the proposed pull request. It works great for me with one exception. I have one View that uses the get_serializer_class(self) method. In this method I use self.request.method which fails as request is None when running with the IGNORE_USER_PERMISSIONS setting.

It is easy enough for me to adapt the get_serializer_class() code to take this case into account. I am in favor of this pull request; thanks.

@craiga
Author

craiga commented Feb 7, 2019

@BenjaminHabert Can you provide a stack trace of where that problem is happening?

The docs state that the request argument to get_schema is optional, so I wonder if self.request being None is valid when generating the schema.

@BenjaminHabert

Here is the stack trace:

Internal Server Error: /swagger/
Traceback (most recent call last):
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/django/core/handlers/base.py", line 124, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 495, in dispatch
    response = self.handle_exception(exc)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 455, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 492, in dispatch
    response = handler(request, *args, **kwargs)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework_swagger/views.py", line 32, in get
    schema = generator.get_schema()
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/schemas/generators.py", line 281, in get_schema
    links = self.get_links(None if public else request)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/schemas/generators.py", line 319, in get_links
    link = view.schema.get_link(path, method, base_url=self.url)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/schemas/inspectors.py", line 215, in get_link
    fields += self.get_serializer_fields(path, method)
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/schemas/inspectors.py", line 336, in get_serializer_fields
    serializer = view.get_serializer()
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/.venv/lib/python3.6/site-packages/rest_framework/generics.py", line 110, in get_serializer
    serializer_class = self.get_serializer_class()
  File "/Users/benjamin/Documents/Quantmetry_Missions/Plasidia/moon-api/moon/glycemia/views.py", line 88, in get_serializer_class
    if self.request.method == 'GET':
AttributeError: 'NoneType' object has no attribute 'method'
[07/Feb/2019 15:23:11] "GET /swagger/ HTTP/1.1" 500 18760

And here is the culprit (which was easy enough to modify and protect against this error):

# file: moon-api/moon/glycemia/views.py
class GlycemiaAPIView(generics.ListCreateAPIView):
    def get_serializer_class(self):
        if self.request.method == 'GET':
            return GlycemiaSerializer
        return GlycemiaListCreateSerializer
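
The failure in the traceback above and one way to guard against it, as an added example that is not part of the original thread or the project's code. The serializer classes and `FakeRequest` are constructed stand-ins so it runs without Django or DRF, and falling back to the read serializer when there is no request is an assumption.

```python
class GlycemiaSerializer:              # constructed stand-in, no fields
    pass


class GlycemiaListCreateSerializer:    # constructed stand-in, no fields
    pass


class FakeRequest:
    """Constructed stand-in for a request; only .method is read."""
    def __init__(self, method):
        self.method = method


class UnguardedView:
    """Same branching as the view posted above."""
    request = None

    def get_serializer_class(self):
        if self.request.method == 'GET':
            return GlycemiaSerializer
        return GlycemiaListCreateSerializer


class GuardedView:
    """Treats a missing request as schema introspection, not an API call."""
    request = None

    def get_serializer_class(self):
        request = getattr(self, 'request', None)
        # Assumption: document the read serializer when no request exists.
        if request is None or request.method == 'GET':
            return GlycemiaSerializer
        return GlycemiaListCreateSerializer


def views_failing_without_request(view_classes):
    """Call each view with request=None, as in the traceback, and
    return the names of the views that would turn the docs page into a 500."""
    failing = []
    for cls in view_classes:
        view = cls()
        view.request = None
        try:
            view.get_serializer_class()
        except AttributeError:
            failing.append(cls.__name__)
    return failing
```

Run as a unit test over a project's view classes, `views_failing_without_request` catches this class of error before the schema endpoint is exposed.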

@craiga
Author

craiga commented Feb 8, 2019

@BenjaminHabert Thanks for that. self.request being None is the correct behaviour here … are you comfortable with that?

@BenjaminHabert

@craiga yes


@BenjaminHabert BenjaminHabert left a comment

I have been using this proposed version for a few months. I think this change is useful and can be accepted.

@aliaksandrmelnik1

So, when are you planning to merge this PR to master?

@ulgens

ulgens commented Oct 10, 2019

Any progress on this?

@craiga
Author

craiga commented Oct 14, 2019

As this project is deprecated, I'm closing this PR to make this clear to subsequent visitors. Check the project's readme for more info and an alternative library to use.

@craiga craiga closed this Oct 14, 2019
@ulgens

ulgens commented Oct 14, 2019

@craiga Thanks for the response. What will be the other open issues and PRs? I think it would be better if you "archive" the project and make it read only.

@craiga
Author

craiga commented Oct 14, 2019

@ulgens I'm not sure. I have no special status in this project, I just happened to open a moderately popular pull request. ;)

@marcgibbons What do you think of archiving this project?
