search

Pithikos / rest-framework-roles

Role-based permissions for Django and Django REST Framework
MIT License
62 stars 4 forks source link

drf-spectacular compatibility #10

Closed MVKozlov closed 7 months ago

MVKozlov commented 8 months ago

django 5.0.3 djangorestframework 3.15.0 rest-framework-roles 1.0.5 drf-spectacular 0.27.1

Old code, new issue:

def is_test(request, view):
    return True

ROLES = {
    # Django out-of-the-box
    'admin': is_admin,
    'user': is_user,
    'anon': is_anon,

    # Some custom role examples
    'test': is_test,
}

class UserProfileView(views.APIView):
#    permission_classes = [permissions.IsAuthenticated]
    view_permissions = {
        'get': { 'test': True },
        'options': { 'test': True },
    }
    def get(self, request: Request, format=None):
        """
        Return a current user.
        """
        serializer = UserSerializer(request.user, context={'request': request})
        return Response(data=serializer.data)

Description for method api with enabled view_permissions return A wrapped view is the view that was explicitly mentioned in view_permissions, hence it shall ALWAYS check for permissions. instead of Return a current user.

Pithikos commented 8 months ago

Where are you seeing this? In the browseable API?

Essentially you're seeing the docstring for the wrapper function of the view: https://github.com/Pithikos/rest-framework-roles/blob/master/rest_framework_roles/patching.py#L69-L79

I think this would simply to patch __doc__ but would be helpful to be able and reproduce the issue since not sure where you see that

Pithikos commented 8 months ago

@MVKozlov OK, this fix was simple. Note I didn't try with drf-spectacular but the fix is generic - preserving the docstring from the patched method, so it should just work.

Please try with the updated version: rest-framework-roles==1.0.6

MVKozlov commented 7 months ago

This was visible in yaml output and Browsable API

Thanks, the fix works!