Merge pull request #5250 from nyaruka/anon_api_docs

Ensure anon users can access API docs
nyaruka · May 23, 2024 · 09517b4 · 09517b4
2 parents 1ddfdad + e3e5715
commit 09517b4
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/temba/api/models.py b/temba/api/models.py
@@ -48,6 +48,9 @@ def get_required_permission(self, request, view) -> str:
         codes that the user is required to have.
         """
 
+        if view.is_docs():  # no permission required to view docs
+            return None
+
         if hasattr(view, "permission"):
             return view.permission
 
@@ -89,7 +92,7 @@ def has_permission(self, request, view):
 
             return has_perm
 
-        else:  # pragma: no cover
+        else:
             return True
 
 

diff --git a/temba/api/v2/tests.py b/temba/api/v2/tests.py
@@ -560,11 +560,11 @@ def test_root(self):
 
         # browse as HTML anonymously (should still show docs)
         response = self.client.get(root_url)
-        self.assertContains(response, "We provide a RESTful JSON API", status_code=200)
+        self.assertContains(response, "We provide a RESTful JSON API")
 
         # same thing if user navigates to just /api
         response = self.client.get(reverse("api"), follow=True)
-        self.assertContains(response, "We provide a RESTful JSON API", status_code=200)
+        self.assertContains(response, "We provide a RESTful JSON API")
 
         # try to browse as JSON anonymously
         response = self.client.get(root_url + ".json")
@@ -797,13 +797,15 @@ def test_archives(self):
         response = self.client.get(endpoint_url)
         self.assertEqual(403, response.status_code)
 
-        # test fetching docs
+        # test fetching docs anonymously
+        self.client.logout()
         response = self.client.get(reverse("api.v2.archives"))
-        self.assertContains(response, "This endpoint allows you to list", status_code=403)
+        self.assertContains(response, "This endpoint allows you to list")
 
+        # and logged in
         self.login(self.editor)
         response = self.client.get(reverse("api.v2.archives"))
-        self.assertContains(response, "This endpoint allows you to list", status_code=200)
+        self.assertContains(response, "This endpoint allows you to list")
 
     def test_boundaries(self):
         endpoint_url = reverse("api.v2.boundaries") + ".json"

diff --git a/temba/api/views.py b/temba/api/views.py
@@ -94,6 +94,9 @@ def normalize_urn(self, value):
         except ValueError:
             raise InvalidQueryError("Invalid URN: %s" % value)
 
+    def is_docs(self):
+        return "format" not in self.kwargs
+
 
 class ListAPIMixin(mixins.ListModelMixin):
     """
@@ -108,7 +111,7 @@ def get(self, request, *args, **kwargs):
     def list(self, request, *args, **kwargs):
         self.check_query(self.request.query_params)
 
-        if not kwargs.get("format", None):
+        if self.is_docs():
             # if this is just a request to browse the endpoint docs, don't make a query
             return Response([])
         else: