enable auth guard on all private endpoints; Add login button to browsable API

connection/views.py

@@ -23,7 +23,7 @@ class ConnectionTypeViewSet(viewsets.ModelViewSet):
 class ConnectionViewSet(viewsets.ModelViewSet):
     """API endpoint that allows connections to be seen or created
     """
-    # permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated]
     queryset = Connection.objects.all()
     serializer_class = ConnectionSerializer
     # Make connections somewhat immutable from the users perspective

core/urls.py

@@ -86,6 +86,7 @@ apipatterns = [
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('api/v1/', include(apipatterns), name='api'),
+    path('api-auth/', include('rest_framework.urls')),
     # path('api/v1/schema/', SpectacularAPIView.as_view(), name='schema'),
     path('api/v1/docs', schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
     path('api/v1/schema/redoc/', schema_view.with_ui('redoc', cache_timeout=0), name='schema-redoc'),

qrtr_account/views.py

@@ -31,6 +31,8 @@ class FacebookLogin(SocialLoginView):
 class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet):
     """API endpoint that allows accounts to  be viewed or edited
     """
+    permission_classes = [IsAuthenticated]
+
     queryset = Account.objects.all()
     read_serializer_class = AccountReadSerializer
     write_serializer_class = AccountWriteSerializer
@@ -39,6 +41,8 @@ class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet):
 class BankAccountViewSet(viewsets.ModelViewSet):
     """API endpoint that allows BankAccounts to  be viewed or edited
     """
+    permission_classes = [IsAuthenticated]
+
     queryset = BankAccount.objects.all()
     # serializer_class = BankAccountSerializer
 
@@ -51,6 +55,8 @@ class BankAccountViewSet(viewsets.ModelViewSet):
 class SliceViewSet(viewsets.ModelViewSet):
     """API endpoint that allows BankAccounts to  be viewed.
     """
+    permission_classes = [IsAuthenticated]
+
     queryset = Slice.objects.all()
     serializer_class = SliceSerializer
 
@@ -63,12 +69,15 @@ class SliceViewSet(viewsets.ModelViewSet):
     }
 
 class SubscriptionPlanViewSet(viewsets.ModelViewSet):
+
     queryset = SubscriptionPlan.objects.all()
     serializer_class = SubscriptionPlanSerializer
 
 class InstitutionViewSet(viewsets.ReadOnlyModelViewSet):
     """API endpoint that allows BankAccounts to  be viewed.
     """
+    permission_classes = [IsAuthenticated]
+
     queryset = Institution.objects.all()
     serializer_class = InstitutionSerializer
 
@@ -76,6 +85,8 @@ class InstitutionViewSet(viewsets.ReadOnlyModelViewSet):
 class TransactionViewSet(viewsets.ModelViewSet):
     """API endpoint that allows BankAccounts to  be viewed.
     """
+    permission_classes = [IsAuthenticated]
+
     queryset = Transaction.objects.filter(is_split=False)
     serializer_class = TransactionSerializer
     search_fields = ['name', 'slice__name', 'bank__nickname',
@@ -111,6 +122,7 @@ class TransactionViewSet(viewsets.ModelViewSet):
 
 class SliceTransactionViewSet(viewsets.ModelViewSet):
 
+    permission_classes = [IsAuthenticated]
     serializer_class = SliceTransactionSerializer
     queryset = Slice.objects.all()
 
@@ -129,5 +141,6 @@ class SliceTransactionViewSet(viewsets.ModelViewSet):
 class RuleViewSet(viewsets.ReadOnlyModelViewSet):
     """API endpoint that allows BankAccounts to  be viewed.
     """
+    permission_classes = [IsAuthenticated]
     queryset = Rule.objects.all()
     serializer_class = RuleSerializer