fixed route auth parameter override

Author: eadwinCode

ninja_extra/controllers/base.py

@@ -237,6 +237,8 @@ def add_api_operation(
         url_name: Optional[str] = None,
         include_in_schema: bool = True,
     ) -> Operation:
+        auth = self.auth if auth == NOT_SET else auth
+
         if self._prefix_has_route_param:
             path = normalize_path("/".join([i for i in (self.prefix, path) if i]))
         if path not in self._path_operations:
@@ -248,7 +250,7 @@ def add_api_operation(
             path=path,
             methods=methods,
             view_func=view_func,
-            auth=auth or self.auth,
+            auth=auth,
             response=response,
             operation_id=operation_id,
             summary=summary,

tests/test_route.py

@@ -34,15 +34,20 @@
 anonymous_request.user = AnonymousUser()
 
 
+class FakeAuth:
+    def authenticate(self, **kwargs):
+        return True
+
+
 @api_controller(
-    "permission", permissions=[permissions.IsAuthenticated & permissions.IsAdminUser]
+    "permission", auth=FakeAuth(), permissions=[permissions.IsAuthenticated & permissions.IsAdminUser]
 )
 class PermissionController:
-    @http_post("/example_post")
+    @http_post("/example_post", auth=None)
     def example(self):
         return {"message": "OK"}
 
-    @http_get("/example_get", permissions=[permissions.AllowAny])
+    @http_get("/example_get", auth=None, permissions=[permissions.AllowAny])
     def example_allow_any(self):
         return {"message": "OK"}
 
@@ -309,6 +314,13 @@ def get_real_user_request(cls):
         _request.user = user
         return _request
 
+    def test_permission_controller_example_allow_any_auth_is_none(self):
+        route_params = PermissionController.example_allow_any.route.route_params
+        assert route_params.auth is None
+
+        response = PermissionController.example_allow_any(anonymous_request)
+        assert response == {"message": "OK"}
+
     def test_route_is_protected_by_global_controller_permission(self):
         with pytest.raises(PermissionDenied) as pex:
             PermissionController.example(anonymous_request)
@@ -321,7 +333,7 @@ def test_route_protected_by_global_controller_permission_works(self):
         response = PermissionController.example(request)
         assert response == {"message": "OK"}
 
-    def test_route_is_protected_by_its_permissions(self):
+    def test_route_is_protected_by_its_permissions_paramater(self):
         response = PermissionController.example_allow_any(anonymous_request)
         assert response == {"message": "OK"}