edit_string_translation view should not use REST_FRAMEWORK default permissions and authentication classes

[edit_string_translation](https://github.com/wagtail/wagtail-localize/blob/main/wagtail_localize/views/edit_translation.py#L986)  api view currently does not explicitly specify permission class, which means that default settings for rest framework would be used. 

When [DjangoModelPermissionsOrAnonReadOnly](https://www.django-rest-framework.org/api-guide/permissions/#djangomodelpermissionsoranonreadonly) is used as a default permission class:

```python
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',
    ],
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly"
    ],
}
```

following error would be raised in ajax view to translate string:

```
Exception Type: AssertionError at /cms/localize/translate/1/strings/1/edit/
Exception Value: Cannot apply DjangoModelPermissionsOrAnonReadOnly on a view that does not set .queryset or have a .get_queryset() method.
```

I think that `edit_string_translation` view function should be decorated with required permission class to avoid taking defaults, ie:

```python
@permission_classes([IsAuthenticated])
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

edit_string_translation view should not use REST_FRAMEWORK default permissions and authentication classes #499

bmihelac
openedon Jan 3, 2022

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

edit_string_translation view should not use REST_FRAMEWORK default permissions and authentication classes #499

Description

bmihelacopenedon Jan 3, 2022

Metadata