diff --git a/dispatch/urls.py b/dispatch/urls.py index 604b056..df4304c 100644 --- a/dispatch/urls.py +++ b/dispatch/urls.py @@ -12,5 +12,5 @@ urlpatterns = [ path('api/dispatchers//message', DispatchMessageByKey.as_view(), name='dispatch_api_dispatch_message'), path('api/actions/', DispatcherActionList.as_view(), name='dispatch_api_actions'), - path('api/actions//', DispatcherActionDetail.as_view(), name='dispatch_api_action_detail'), + path('api/actions//', DispatcherActionDetail.as_view(), name='dispatch_api_action_detail'), ] diff --git a/dispatch/views.py b/dispatch/views.py index 5dc8ce6..4cd24bf 100644 --- a/dispatch/views.py +++ b/dispatch/views.py @@ -28,6 +28,8 @@ class HasSendMessagePermission(IsAuthenticated): class DispatcherList(generics.ListAPIView): """List all dispatchers.""" + permission_classes = (IsAuthenticated,) + queryset = Dispatcher.objects.all() serializer_class = DispatcherSerializer @@ -35,6 +37,8 @@ class DispatcherList(generics.ListAPIView): class DispatcherDetail(generics.RetrieveAPIView): """Detail the given dispatcher.""" + permission_classes = (IsAuthenticated,) + queryset = Dispatcher.objects.all() serializer_class = DispatcherSerializer @@ -107,6 +111,8 @@ class DispatchMessageByKey(DispatchMessage): class DispatcherActionList(generics.ListAPIView): """List all dispatchers.""" + permission_classes = (IsAuthenticated,) + queryset = DispatcherAction.objects.all() serializer_class = DispatcherActionSerializer @@ -114,5 +120,7 @@ class DispatcherActionList(generics.ListAPIView): class DispatcherActionDetail(generics.RetrieveAPIView): """Detail the given dispatcher.""" + permission_classes = (IsAuthenticated,) + queryset = DispatcherAction.objects.all() serializer_class = DispatcherActionSerializer diff --git a/tests/test_dispatch_api.py b/tests/test_dispatch_api.py index 5ffcf20..277b133 100644 --- a/tests/test_dispatch_api.py +++ b/tests/test_dispatch_api.py @@ -1,6 +1,6 @@ """Test the dispatch package's webservice.""" from django.contrib.auth.models import User -from rest_framework.status import HTTP_200_OK +from rest_framework.status import HTTP_200_OK, HTTP_403_FORBIDDEN from rest_framework.test import APITestCase from dispatch.models import Dispatcher, DispatcherAction @@ -27,3 +27,18 @@ class DispatchAPITest(APITestCase): resp = self.client.get('/dispatch/api/actions/') self.assertEqual(resp.status_code, HTTP_200_OK) self.assertEqual(len(resp.json()), DispatcherAction.objects.count()) + + def test_unauthed_dispatch_object_retrieval(self): + """Test that the list endpoints require authentication.""" + client = self.client_class() + resp = client.get('/dispatch/api/dispatchers/') + self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN) + resp = client.get('/dispatch/api/dispatchers/111/') + self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN) + resp = client.get('/dispatch/api/dispatchers/fake/') + self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN) + + resp = client.get('/dispatch/api/actions/') + self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN) + resp = client.get('/dispatch/api/actions/111/') + self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)