
allow anonymous users to access @types endpoint #1423

Draft
wants to merge 2 commits into
base: main
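--- a/news/1409.feature
+++ b/news/1409.feature
@@ -0,0 +1,2 @@
+Allow anonymous users to access @types endpoint
+[erral]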
1 change: 0 additions & 1 deletion src/plone/restapi/services/types/get.py
Expand Up @@ -126,7 +126,6 @@ def reply(self):
return self.reply_for_field()

def reply_for_type(self):
check_security(self.context)
portal_type = self.params.pop()

# Make sure we get the right dexterity-types adapter
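Review bot: Dropping `check_security(self.context)` from `reply_for_type` (presumably the one deleted line, given 0 additions and 1 deletion) leaves no access check visible in this hunk, so what an anonymous caller can read now depends entirely on per-field filtering further down, outside the lines shown. The tests in this PR only prove that a field with a `write_permission` is hidden; read-protected fields, vocabulary terms and default values embedded in the schema, and the existence of types that are not meant to be public are not shown to be filtered. Rather than removing the gate, I would replace it with an explicit permission that site admins can grant to Anonymous, or at minimum leave a comment at the top of the method such as `# Intentionally reachable without login: every field must be filtered by its own permission before it is serialized`. `reply()` and `reply_for_field()` lie outside the hunk, so confirm whether they still call `check_security`; if they do, the three paths are now inconsistent.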
67 changes: 63 additions & 4 deletions src/plone/restapi/tests/test_types.py
@@ -1,10 +1,15 @@
from datetime import date
from decimal import Decimal
from plone.app.multilingual.dx import directives
from plone.app.testing import SITE_OWNER_NAME
from plone.app.testing import SITE_OWNER_PASSWORD
from plone.app.textfield import RichText
from plone.autoform import directives as form
from plone.autoform.directives import write_permission
from plone.dexterity.fti import DexterityFTI
from plone.restapi.testing import PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
from plone.restapi.testing import PLONE_RESTAPI_DX_INTEGRATION_TESTING
from plone.restapi.testing import RelativeSession
from plone.restapi.types.interfaces import IJsonSchemaProvider
from plone.restapi.types.utils import get_fieldsets
from plone.restapi.types.utils import get_jsonschema_for_fti
Expand All @@ -23,6 +28,8 @@
from zope.schema.vocabulary import SimpleTerm
from zope.schema.vocabulary import SimpleVocabulary

import transaction


class IDummySchema(model.Schema):

Expand All @@ -46,7 +53,9 @@ class ITaggedValuesSchema(model.Schema):

parametrized_widget_field = schema.TextLine(title="Parametrized widget field")
form.widget(
"parametrized_widget_field", a_param="some_value", defaultFactory=lambda: "Foo"
"parametrized_widget_field",
a_param="some_value",
defaultFactory=lambda: "Foo",
)

not_parametrized_widget_field = schema.TextLine(
Expand All @@ -59,6 +68,11 @@ class ITaggedValuesSchema(model.Schema):
required=False,
)

write_permission(test_write_permission_field="cmf.ManagePortal")
test_write_permission_field = schema.TextLine(
required=False,
)


class TestJsonSchemaUtils(TestCase):

Expand Down Expand Up @@ -459,7 +473,11 @@ def test_decimal(self):

def test_int(self):
field = schema.Int(
title="My field", description="My great field", min=0, max=100, default=50
title="My field",
description="My great field",
min=0,
max=100,
default=50,
)
adapter = getMultiAdapter(
(field, self.portal, self.request), IJsonSchemaProvider
Expand Down Expand Up @@ -744,7 +762,9 @@ def test_richtext(self):

def test_date(self):
field = schema.Date(
title="My field", description="My great field", default=date(2016, 1, 1)
title="My field",
description="My great field",
default=date(2016, 1, 1),
)
adapter = getMultiAdapter(
(field, self.portal, self.request), IJsonSchemaProvider
Expand Down Expand Up @@ -781,7 +801,9 @@ def test_datetime(self):

def test_jsonfield(self):
field = JSONField(
title="My field", description="My great field", widget="my_widget_name"
title="My field",
description="My great field",
widget="my_widget_name",
)
adapter = getMultiAdapter(
(field, self.portal, self.request), IJsonSchemaProvider
Expand All @@ -797,3 +819,40 @@ def test_jsonfield(self):
},
adapter.get_schema(),
)


class TestTaggedValues(TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING

def setUp(self):
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.request = self.layer["request"]
fti = DexterityFTI("TaggedDocument")
self.portal.portal_types._setObject("TaggedDocument", fti)
fti.klass = "plone.dexterity.content.Container"
fti.schema = "plone.restapi.tests.test_types.ITaggedValuesSchema"

self.anonymous_session = RelativeSession(self.portal_url, test=self)
self.anonymous_session.headers.update({"Accept": "application/json"})

self.api_session = RelativeSession(self.portal_url, test=self)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)

transaction.commit()

def test_write_permission_anonymous(self):
response = self.anonymous_session.get("/@types/TaggedDocument")
self.assertEqual(response.status_code, 200)
jsonschema = response.json()

self.assertEqual(jsonschema["title"], "TaggedDocument")
self.assertNotIn("test_write_permission_field", jsonschema["properties"])

def test_write_permission_manager(self):
response = self.api_session.get("/@types/TaggedDocument")
self.assertEqual(response.status_code, 200)
jsonschema = response.json()
self.assertEqual(jsonschema["title"], "TaggedDocument")
self.assertIn("test_write_permission_field", jsonschema["properties"])
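Review bot: `TestTaggedValues` checks only the two extremes, an anonymous session and the site owner, so it cannot tell a filter keyed on the `cmf.ManagePortal` permission from one that merely checks whether the caller is logged in. A third case with an authenticated user who lacks that permission, asserting `assertNotIn("test_write_permission_field", jsonschema["properties"])`, would pin the behaviour the change relies on. Separately, `setUp` opens two `RelativeSession` objects and the hunk adds no `tearDown`; closing them with `self.api_session.close()` and `self.anonymous_session.close()` keeps connections from leaking between tests.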