Day 9: Added Global Permission and remove permission_classes from views and setting.py file

Author: PTHARRISH

api/views.py

@@ -7,7 +7,7 @@
 from django.shortcuts import get_object_or_404
 from rest_framework import status
 from rest_framework.parsers import FormParser, JSONParser, MultiPartParser
-from rest_framework.permissions import AllowAny, IsAdminUser, IsAuthenticated
+from rest_framework.permissions import AllowAny, IsAdminUser
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework_simplejwt.exceptions import TokenError
@@ -27,7 +27,6 @@
     UserSettings,
 )
 from api.pagination import DefaultPagination
-from api.permissions import DynamicPagePermission
 from api.serializers import (
     AssignPermissionSerializer,
     FollowerSerializer,
@@ -115,7 +114,6 @@ def post(self, request):
 
 
 class ProfileView(APIView):
-    permission_classes = [IsAuthenticated, DynamicPagePermission]
     serializer_class = ProfileSerializer
     parser_classes = [
         JSONParser,
@@ -157,7 +155,6 @@ def patch(self, request, username):
 
 
 class FollowersView(APIView):
-    permission_classes = [IsAuthenticated, DynamicPagePermission]
     pagination_class = DefaultPagination
 
     def get(self, request, username):
@@ -195,7 +192,6 @@ def delete(self, request, username):
 
 
 class FollowingView(APIView):
-    permission_classes = [IsAuthenticated, DynamicPagePermission]
     pagination_class = DefaultPagination
 
     def get(self, request, username):
@@ -238,8 +234,6 @@ def delete(self, request, username):
 
 
 class FollowActionView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def post(self, request, username):
         target_user = get_object_or_404(User, username=username)
         if request.user == target_user:
@@ -270,8 +264,6 @@ def delete(self, request, username):
 
 
 class FollowRequestRespondView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def post(self, request, request_id):
         follow_request = get_object_or_404(FollowRequest, id=request_id)
 
@@ -325,8 +317,6 @@ def post(self, request):
 
 # ======================= Block User View =======================
 class BlockUserView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def post(self, request, user_id):
         BlockedUser.objects.get_or_create(blocker=request.user, blocked_id=user_id)
         return Response({"detail": "User blocked"}, status=201)
@@ -338,8 +328,6 @@ def delete(self, request, user_id):
 
 # ======================= Mute User View =======================
 class MuteUserView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def post(self, request, user_id):
         MutedUser.objects.get_or_create(user=request.user, muted_user_id=user_id)
         return Response({"detail": "User muted"}, status=201)
@@ -351,8 +339,6 @@ def delete(self, request, user_id):
 
 # ======================= Close Friends View =======================
 class CloseFriendView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def post(self, request, user_id):
         CloseFriend.objects.get_or_create(user=request.user, friend_id=user_id)
         return Response({"detail": "Added to close friends"}, status=201)
@@ -366,8 +352,6 @@ def delete(self, request, user_id):
 
 
 class UserSettingsView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def get(self, request):
         settings_obj, _ = UserSettings.objects.get_or_create(user=request.user)
         serializer = UserSettingsSerializer(settings_obj)
@@ -385,8 +369,6 @@ def patch(self, request):
 
 # ======================== Logout View ========================
 class LogoutView(APIView):
-    permission_classes = [IsAuthenticated]
-
     def post(self, request):
         try:
             refresh_token = request.data.get("refresh")

backend/settings.py

@@ -204,7 +204,8 @@
         "rest_framework_simplejwt.authentication.JWTAuthentication",
     ],
     "DEFAULT_PERMISSION_CLASSES": [
-        "rest_framework.permissions.AllowAny",
+        "rest_framework.permissions.IsAuthenticated",
+        "api.permissions.DynamicPagePermission",
     ],
     # Disable CSRF for API endpoints (we use JWT)
     "DEFAULT_RENDERER_CLASSES": [