From b051bfaa3d5bb1bc4af3b05164cccecabffb5869 Mon Sep 17 00:00:00 2001 From: Gary Snider <75227981+gsnider2195@users.noreply.github.com> Date: Wed, 13 Nov 2024 13:53:21 -0800 Subject: [PATCH] remove authentication from API endpoints --- changes/341.fixed | 1 - nautobot_chatops/views.py | 6 ++---- nautobot_chatops/workers/__init__.py | 5 ++++- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/changes/341.fixed b/changes/341.fixed index 42a3a121..adf56166 100644 --- a/changes/341.fixed +++ b/changes/341.fixed @@ -1,5 +1,4 @@ Fixed django-constance not being upgradable due to this app accessing the database before migrations could run. Removed conditional logic for adding grafana navigation menu items. Fixed Nautobot v2.3 incompatibility caused by saved views not being able to determine the models' table classes. -Fixed mattermost, msteams, slack and webex integration API views that were not requiring the user to be logged in. Added exception handling for cases where diffsync is not installed, since it's marked as optional. diff --git a/nautobot_chatops/views.py b/nautobot_chatops/views.py index f3ac12d9..8bbee037 100644 --- a/nautobot_chatops/views.py +++ b/nautobot_chatops/views.py @@ -4,7 +4,7 @@ to send requests and notifications to. """ -from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin +from django.contrib.auth.mixins import PermissionRequiredMixin from django.core.exceptions import ImproperlyConfigured from django.http import Http404 from django.shortcuts import render @@ -24,7 +24,7 @@ from nautobot_chatops.tables import AccessGrantTable, ChatOpsAccountLinkTable, CommandLogTable, CommandTokenTable -class SettingsControlledViewMixin(LoginRequiredMixin): +class SettingsControlledViewMixin: """View mixin to enable or disable views based on constance settings.""" enable_view_setting = None @@ -35,8 +35,6 @@ def dispatch(self, request, *args, **kwargs): raise ImproperlyConfigured( "Property `enable_view_setting` must be defined on the view to use SettingsControlledView." ) - if not request.user.is_authenticated: - return self.handle_no_permission() if not get_app_settings_or_config("nautobot_chatops", self.enable_view_setting): raise Http404 return super().dispatch(request, *args, **kwargs) diff --git a/nautobot_chatops/workers/__init__.py b/nautobot_chatops/workers/__init__.py index 01c459b2..8169abcd 100644 --- a/nautobot_chatops/workers/__init__.py +++ b/nautobot_chatops/workers/__init__.py @@ -57,7 +57,10 @@ def get_commands_registry(): """Populate and return the _commands_registry dictionary with all known commands, subcommands, and workers.""" - from nautobot_chatops.integrations.utils import ALL_INTEGRATIONS, DISABLED_INTEGRATIONS + from nautobot_chatops.integrations.utils import ( # pylint: disable=import-outside-toplevel + ALL_INTEGRATIONS, + DISABLED_INTEGRATIONS, + ) global _commands_registry # pylint: disable=global-variable-not-assigned global _registry_initialized # pylint: disable=global-statement