- DISABLE_PERMISSIONS

poizonstore/settings.py

@@ -52,7 +52,6 @@ TG_BOT_TOKEN = get_secret("TG_BOT_TOKEN")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(int(os.environ.get("DJANGO_DEBUG") or 0))
-DISABLE_PERMISSIONS = False
 DISABLE_CORS = True
 
 ALLOWED_HOSTS = get_secret('ALLOWED_HOSTS').split(',')
@@ -175,9 +174,6 @@ REST_FRAMEWORK = {
     # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': [
         'rest_framework.permissions.IsAuthenticated'
-        if not DISABLE_PERMISSIONS
-        else
-        'rest_framework.permissions.AllowAny'
     ],
 
     'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication'],

store/views.py

@@ -36,12 +36,6 @@ def prepare_external_response(r: requests.Response):
     return Response(data)
 
 
-class DisablePermissionsMixin(generics.GenericAPIView):
-    def get_permissions(self):
-        if settings.DISABLE_PERMISSIONS:
-            return [permissions.AllowAny()]
-
-        return super().get_permissions()
 
 """
 - managers can create/edit/delete orders
@@ -141,7 +135,7 @@ class GlobalSettingsAPI(generics.RetrieveUpdateAPIView):
     permission_classes = [IsManager | ReadOnly]
 
     def get_serializer_class(self):
-        if getattr(self.request.user, 'is_manager', False) or settings.DISABLE_PERMISSIONS:
+        if getattr(self.request.user, 'is_manager', False):
             return GlobalSettingsSerializer
 
         # Anonymous users can view only a certain set of fields
@@ -199,7 +193,7 @@ class GiftAPI(viewsets.ModelViewSet):
     filterset_class = GiftFilter
 
     def get_queryset(self):
-        if getattr(self.request.user, 'is_manager', False) or settings.DISABLE_PERMISSIONS:
+        if getattr(self.request.user, 'is_manager', False):
             return Gift.objects.all()
 
         # For anonymous users, show only available gifts