From bf01f45ecaa836678b510cc71c549a075b0f2bef Mon Sep 17 00:00:00 2001 From: Colin Powell Date: Thu, 26 Mar 2026 17:01:52 -0400 Subject: [PATCH] [views] Update permission order --- vrobbler/apps/scrobbles/views.py | 26 +++++++++++++------------- vrobbler/apps/tasks/views.py | 4 ++-- vrobbler/apps/tasks/webhooks.py | 8 ++++---- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/vrobbler/apps/scrobbles/views.py b/vrobbler/apps/scrobbles/views.py index cde3a02..1ae2979 100644 --- a/vrobbler/apps/scrobbles/views.py +++ b/vrobbler/apps/scrobbles/views.py @@ -427,8 +427,8 @@ class KoReaderImportCreateView(LoginRequiredMixin, JsonableResponseMixin, Create return HttpResponseRedirect(self.request.META.get("HTTP_REFERER")) -@permission_classes([IsAuthenticated]) @api_view(["GET"]) +@permission_classes([IsAuthenticated]) def lastfm_import(request): lfm_import, created = LastFmImport.objects.get_or_create( user=request.user, processed_finished__isnull=True @@ -493,9 +493,9 @@ def web_scrobbler_webhook(request): return JsonResponse({"scrobble_id": scrobble.id}, status=status.HTTP_200_OK) -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["POST"]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def jellyfin_webhook(request): post_data = request.data logger.info( @@ -529,9 +529,9 @@ def jellyfin_webhook(request): return Response({"scrobble_id": scrobble.id}, status=status.HTTP_200_OK) -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["POST"]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def mopidy_webhook(request): try: data_dict = json.loads(request.data) @@ -554,9 +554,9 @@ def mopidy_webhook(request): return Response({"scrobble_id": scrobble.id}, status=status.HTTP_200_OK) -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["POST"]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def gps_webhook(request): try: data_dict = json.loads(request.data) @@ -584,10 +584,10 @@ def gps_webhook(request): return Response({"scrobble_id": scrobble.id}, status=status.HTTP_200_OK) -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["POST"]) @parser_classes([MultiPartParser]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def import_audioscrobbler_file(request): """Takes a TSV file in the Audioscrobbler format, saves it and processes the scrobbles. @@ -603,8 +603,8 @@ def import_audioscrobbler_file(request): return Response(file_serializer.errors, status=status.HTTP_400_BAD_REQUEST) -@permission_classes([IsAuthenticated]) @api_view(["GET"]) +@permission_classes([IsAuthenticated]) def scrobble_start(request, uuid): logger.info( "[scrobble_start] called", @@ -694,8 +694,8 @@ def scrobble_longplay_finish(request, uuid): return HttpResponseRedirect(success_url) -@permission_classes([IsAuthenticated]) @api_view(["GET"]) +@permission_classes([IsAuthenticated]) def scrobble_finish(request, uuid): user = request.user success_url = request.META.get("HTTP_REFERER") @@ -718,8 +718,8 @@ def scrobble_finish(request, uuid): return HttpResponseRedirect(success_url) -@permission_classes([IsAuthenticated]) @api_view(["GET"]) +@permission_classes([IsAuthenticated]) def scrobble_cancel(request, uuid): user = request.user success_url = reverse_lazy("vrobbler-home") @@ -740,8 +740,8 @@ def scrobble_cancel(request, uuid): return HttpResponseRedirect(request.META.get("HTTP_REFERER")) -@permission_classes([IsAuthenticated]) @api_view(["GET"]) +@permission_classes([IsAuthenticated]) def export(request): format = request.GET.get("export_type", "csv") start = request.GET.get("start") diff --git a/vrobbler/apps/tasks/views.py b/vrobbler/apps/tasks/views.py index 0b15481..975a625 100644 --- a/vrobbler/apps/tasks/views.py +++ b/vrobbler/apps/tasks/views.py @@ -24,9 +24,9 @@ class TaskDetailView(ScrobbleableDetailView): model = Task -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["GET"]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def todoist_oauth(request): logger.info( "[todoist_oauth] called", diff --git a/vrobbler/apps/tasks/webhooks.py b/vrobbler/apps/tasks/webhooks.py index 21b8fab..9c881c8 100644 --- a/vrobbler/apps/tasks/webhooks.py +++ b/vrobbler/apps/tasks/webhooks.py @@ -17,9 +17,9 @@ from scrobbles.scrobblers import ( logger = logging.getLogger(__name__) -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["POST"]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def todoist_webhook(request): post_data = request.data logger.info( @@ -115,9 +115,9 @@ def todoist_webhook(request): return Response({"scrobble_id": scrobble.id}, status=status.HTTP_200_OK) -@csrf_exempt -@permission_classes([IsAuthenticated]) @api_view(["POST"]) +@permission_classes([IsAuthenticated]) +@csrf_exempt def emacs_webhook(request): try: post_data = json.loads(request.data)