Disable stats access for device owners
authorMitja Nikolaus <mitja@fairphone.com>
Mon, 12 Nov 2018 18:07:30 +0000 (19:07 +0100)
committerMitja Nikolaus <mitja@fairphone.com>
Fri, 23 Nov 2018 14:46:12 +0000 (14:46 +0000)
Allow only Fairphone staff group members to access stats functions.

Issue: HIC-203
Change-Id: Ic989ae2d0d7a4b68cd57b114e91e2b14c52227fc

crashreport_stats/rest_endpoints.py

index b5cd108..ba8ea9f 100644 (file)
@@ -31,7 +31,6 @@ from crashreport_stats.models import (
 )
 from crashreports.models import Device, Crashreport, HeartBeat, LogFile
 from crashreports.permissions import (
-    HasRightsOrIsDeviceOwnerDeviceCreation,
     HasStatsAccess,
     SWAGGER_SECURITY_REQUIREMENTS_ALL,
     SWAGGER_SECURITY_REQUIREMENTS_OAUTH,
@@ -64,7 +63,7 @@ _DEVICE_UPDATE_HISTORY_SCHEMA = openapi.Schema(
 class DeviceUpdateHistory(APIView):
     """View the update history of a specific device."""
 
-    permission_classes = (HasRightsOrIsDeviceOwnerDeviceCreation,)
+    permission_classes = (HasStatsAccess,)
 
     @swagger_auto_schema(
         operation_description="Get the update history of a device",
@@ -157,7 +156,7 @@ _DEVICE_REPORT_HISTORY_SCHEMA = openapi.Schema(
 class DeviceReportHistory(APIView):
     """View the report history of a specific device."""
 
-    permission_classes = (HasRightsOrIsDeviceOwnerDeviceCreation,)
+    permission_classes = (HasStatsAccess,)
 
     @swagger_auto_schema(
         operation_description="Get the report history of a device",
@@ -318,7 +317,7 @@ _DEVICE_STAT_OVERVIEW_SCHEMA = openapi.Schema(
 class DeviceStat(APIView):
     """View an overview of the statistics of a device."""
 
-    permission_classes = (HasRightsOrIsDeviceOwnerDeviceCreation,)
+    permission_classes = (HasStatsAccess,)
 
     @swagger_auto_schema(
         operation_description="Get some general statistics for a device.",
@@ -389,7 +388,7 @@ _LOG_FILE_SCHEMA = openapi.Schema(title="LogFile", type=openapi.TYPE_FILE)
 class LogFileDownload(APIView):
     """View for downloading log files."""
 
-    permission_classes = (HasRightsOrIsDeviceOwnerDeviceCreation,)
+    permission_classes = (HasStatsAccess,)
 
     @swagger_auto_schema(
         operation_description="Get a log file.",