From eb4b29dfdf2cf1cbaad0c4ca3a4daee3e5f26775 Mon Sep 17 00:00:00 2001 From: phzhik Date: Mon, 20 May 2024 23:05:27 +0400 Subject: [PATCH] - DISABLE_PERMISSIONS --- poizonstore/settings.py | 4 ---- store/views.py | 10 ++-------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/poizonstore/settings.py b/poizonstore/settings.py index 3766699..890f423 100644 --- a/poizonstore/settings.py +++ b/poizonstore/settings.py @@ -52,7 +52,6 @@ TG_BOT_TOKEN = get_secret("TG_BOT_TOKEN") # SECURITY WARNING: don't run with debug turned on in production! DEBUG = bool(int(os.environ.get("DJANGO_DEBUG") or 0)) -DISABLE_PERMISSIONS = False DISABLE_CORS = True ALLOWED_HOSTS = get_secret('ALLOWED_HOSTS').split(',') @@ -175,9 +174,6 @@ REST_FRAMEWORK = { # or allow read-only access for unauthenticated users. 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated' - if not DISABLE_PERMISSIONS - else - 'rest_framework.permissions.AllowAny' ], 'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication'], diff --git a/store/views.py b/store/views.py index ad44883..8e2d3f0 100644 --- a/store/views.py +++ b/store/views.py @@ -36,12 +36,6 @@ def prepare_external_response(r: requests.Response): return Response(data) -class DisablePermissionsMixin(generics.GenericAPIView): - def get_permissions(self): - if settings.DISABLE_PERMISSIONS: - return [permissions.AllowAny()] - - return super().get_permissions() """ - managers can create/edit/delete orders @@ -141,7 +135,7 @@ class GlobalSettingsAPI(generics.RetrieveUpdateAPIView): permission_classes = [IsManager | ReadOnly] def get_serializer_class(self): - if getattr(self.request.user, 'is_manager', False) or settings.DISABLE_PERMISSIONS: + if getattr(self.request.user, 'is_manager', False): return GlobalSettingsSerializer # Anonymous users can view only a certain set of fields 
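Review bot: In `GlobalSettingsAPI.get_serializer_class` (store/views.py, hunk `@@ -141,7 +135,7`), the new condition still decides who receives the full `GlobalSettingsSerializer` by reading `is_manager` directly, instead of asking the `IsManager` class named in `permission_classes` just above it. `IsManager` is not visible here; if it checks anything beyond that attribute, the two can drift. Because `ReadOnly` admits any GET, a user the permission class would not treat as a manager could then be served the full field set. Consider `if IsManager().has_permission(self.request, self):` so the decision has a single source. The same pattern is in `GiftAPI.get_queryset` in the last hunk, and both method bodies continue outside their hunks.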
@@ -199,7 +193,7 @@ class GiftAPI(viewsets.ModelViewSet): filterset_class = GiftFilter def get_queryset(self): - if getattr(self.request.user, 'is_manager', False) or settings.DISABLE_PERMISSIONS: + if getattr(self.request.user, 'is_manager', False): return Gift.objects.all() # For anonymous users, show only available gifts
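Review bot: The trailing comment `# For anonymous users, show only available gifts` in `GiftAPI.get_queryset` understates who takes this branch. With the new condition it is reached by every request whose user lacks a truthy `is_manager`, which includes authenticated non-managers. Reword it to `# Non-managers (anonymous or authenticated) see only available gifts` so the access rule is stated as the code enforces it. The filtered branch continues outside the hunk, so the filter it applies is not visible here.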