Default permission classes setting breaks S3FF REST endpoints

kitware-resonant / django-composed-configuration

Turnkey Django settings for data management applications.

Apache License 2.0

9 stars 2 forks source link

Default permission classes setting breaks S3FF REST endpoints #115

Closed zachmullen closed 3 years ago

zachmullen commented 3 years ago

48516da72525fc8dda41963cf44e9f5c9526e611 changed the default permission class from its built-in default value of AllowAny. Using S3FF REST endpoints via its TS client does not currently support authentication, and the endpoints are not read-only. I think we should revert this commit in the near term, until we can get a solution for the TS client of S3FF.

brianhelba commented 3 years ago

S3FF's TS client does support authentication, via this feature: https://github.com/girder/django-s3-file-field/pull/189 . That was released with https://github.com/girder/django-s3-file-field/releases/tag/v0.1.0 .

When used in a server-rendered context, S3FF authenticates via SessionAuthentication, supported via #108 and https://github.com/girder/django-s3-file-field/pull/191 .

Please comment further or reopen if there's something else that's not working.

brianhelba commented 3 years ago

These docs should fully resolve any uncertainty: https://github.com/girder/django-s3-file-field/pull/205