Introduce SCHEMA_GRAPH_VISIBLE setting

meshy · meshy · commit dbbc942a0469 · 2022-08-01T14:55:03.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,17 @@ Version numbers should follow https://semver.org/spec/v2.0.0.html
 
 ## [Unreleased]
 
+### Added
+
+- Introduced `SCHEMA_GRAPH_VISIBLE` setting as a way to control access to the
+  `Schema` view. We will continue to default to using `DEBUG`.
+
+
+### Changed
+
+- We no longer use a decorator on the `Schema` view to override `dispatch`, and
+  now override it directly.
+
 
 ## [2.0.0] - 2022-08-01
 
diff --git a/README.md b/README.md
@@ -51,8 +51,11 @@ urlpatterns += [
 
 Browse to `/schema/` (assuming that's where you put it in your URLs).
 
-Note: `DEBUG` mode is required, on the assumption that you don't want to leak
-sensitive information about your website outside of local development.
+You can control access to this page using the `SCHEMA_GRAPH_VISIBLE` setting,
+or by subclassing `schema_graph.views.Schema` and overriding `access_permitted`.
+By default the page is only visible when `DEBUG` is `True`,
+because we assume that you don't want to leak sensitive information about your
+website outside of local development.
 
 ## Support
 
diff --git a/schema_graph/views.py b/schema_graph/views.py
@@ -11,8 +11,16 @@ class Schema(TemplateView):
     template_name = "schema_graph/schema.html"
 
     def access_permitted(self):
-        """When this returns True, the schema graph page is accessible."""
-        return settings.DEBUG
+        """
+        When this returns True, the schema graph page is accessible.
+
+        We look for the setting `SCHEMA_GRAPH_VISIBLE`, and fall back to `DEBUG`.
+
+        To control this on a per-request basis, override this function in a subclass.
+        The request will be accessible using `self.request`.
+        """
+
+        return getattr(settings, "SCHEMA_GRAPH_VISIBLE", settings.DEBUG)
 
     def dispatch(self, request):
         if not self.access_permitted():
diff --git a/tests/test_views.py b/tests/test_views.py
@@ -36,19 +36,35 @@ def test_content():
     assert response.rendered_content.startswith("<!doctype html>")
 
 
-def test_debug():
-    """Schema should be accessible in DEBUG mode."""
+@pytest.mark.parametrize(
+    "settings_dict",
+    [
+        # SCHEMA_GRAPH_VISIBLE takes priority over DEBUG.
+        {"DEBUG": True, "SCHEMA_GRAPH_VISIBLE": True},
+        {"DEBUG": False, "SCHEMA_GRAPH_VISIBLE": True},
+        {"DEBUG": True},
+    ],
+)
+def test_accessible_settings(settings_dict):
     view = Schema.as_view()
     request = create_request()
-    with override_settings(DEBUG=True):
+    with override_settings(**settings_dict):
         response = view(request)
     assert response.status_code == 200
 
 
-def test_no_debug():
-    """Schema should be inaccessible outwith DEBUG mode."""
+@pytest.mark.parametrize(
+    "settings_dict",
+    [
+        # SCHEMA_GRAPH_VISIBLE takes priority over DEBUG.
+        {"DEBUG": True, "SCHEMA_GRAPH_VISIBLE": False},
+        {"DEBUG": False, "SCHEMA_GRAPH_VISIBLE": False},
+        {"DEBUG": False},
+    ],
+)
+def test_inaccessible_settings(settings_dict):
     view = Schema.as_view()
     request = create_request()
-    with override_settings(DEBUG=False):
+    with override_settings(**settings_dict):
         with pytest.raises(Http404):
             view(request)
