Skip to content

C
converse.js
Commit 79dee932 authored by Michal Čihař's avatar Michal Čihař
Browse files
Options

Simplify permissions setup for API 

We do explicit check for every write operation, so do not do any
permission check at REST framework level.
Signed-off-by: default avatarMichal Čihař <michal@cihar.com>
parent 2b3f5616
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 3 deletions
weblate/accounts/models.py
View file @ 79dee932
......@@ -883,7 +883,6 @@ def create_groups(update):
group, created = Group.objects.get_or_create(name='Users')
if created or update:
group.permissions.add(
Permission.objects.get(codename='change_translation'),
Permission.objects.get(codename='upload_translation'),
Permission.objects.get(codename='overwrite_translation'),
Permission.objects.get(codename='save_translation'),
......@@ -907,7 +906,6 @@ def create_groups(update):
AutoGroup.objects.create(group=group, match='^.*$')
owner_permissions = (
Permission.objects.get(codename='change_translation'),
Permission.objects.get(codename='author_translation'),
Permission.objects.get(codename='upload_translation'),
Permission.objects.get(codename='overwrite_translation'),
......
weblate/settings_example.py
View file @ 79dee932
......@@ -561,7 +561,7 @@ REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
'rest_framework.permissions.IsAuthenticatedOrReadOnly'
],
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7