feat(api): rename TokenDomainPolicy.perm_rrsets to .perm_write

api/desecapi/migrations/0035_rename_perm_rrsets_tokendomainpolicy_write.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.0rc1 on 2023-12-01 17:00
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("desecapi", "0034_tokendomainpolicy_subname_tokendomainpolicy_type"),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name="tokendomainpolicy",
+            old_name="perm_rrsets",
+            new_name="perm_write",
+        ),
+    ]

api/desecapi/models/tokens.py

@@ -158,7 +158,7 @@ class TokenDomainPolicy(ExportModelOperationsMixin("TokenDomainPolicy"), models.
         max_length=10, null=True, validators=RRset.type.field._validators
     )
     perm_dyndns = models.BooleanField(default=False)
-    perm_rrsets = models.BooleanField(default=False)
+    perm_write = models.BooleanField(default=False)
     # Token user, filled via trigger. Used by compound FK constraints to tie domain.owner to token.user (see migration).
     token_user = models.ForeignKey(
         "User", on_delete=models.CASCADE, db_constraint=False, related_name="+"

api/desecapi/permissions.py

@@ -123,7 +123,7 @@ class TokenHasDomainRRsetsPermission(TokenHasDomainBasePermission):
     Custom permission to check whether a token authorizes accessing RRsets for the view domain.
     """
 
-    perm_field = "perm_rrsets"
+    perm_field = "perm_write"
 
 
 class AuthTokenCorrespondsToViewToken(permissions.BasePermission):

api/desecapi/serializers/tokens.py

@@ -50,7 +50,7 @@ class TokenDomainPolicySerializer(serializers.ModelSerializer):
         fields = (
             "domain",
             "perm_dyndns",
-            "perm_rrsets",
+            "perm_write",
         )
 
     def to_internal_value(self, data):

api/desecapi/tests/test_token_domain_policy.py

@@ -48,7 +48,7 @@ class TokenDomainPolicyClient(APIClient):
 
 class TokenDomainPolicyTestCase(DomainOwnerTestCase):
     client_class = TokenDomainPolicyClient
-    default_data = dict(perm_dyndns=False, perm_rrsets=False)
+    default_data = dict(perm_dyndns=False, perm_write=False)
 
     def setUp(self):
         super().setUp()
@@ -58,7 +58,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
 
     def test_policy_lifecycle_without_management_permission(self):
         # Prepare (with management token)
-        data = dict(domain=None, perm_rrsets=True)
+        data = dict(domain=None, perm_write=True)
         response = self.client.create_policy(
             self.token, using=self.token_manage, data=data
         )
@@ -98,7 +98,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
 
             # Change
             data = dict(
-                domain=self.my_domains[1].name, perm_dyndns=False, perm_rrsets=True
+                domain=self.my_domains[1].name, perm_dyndns=False, perm_write=True
             )
             response = self.client.patch_policy(
                 target, using=self.token, domain=self.my_domains[0].name, data=data
@@ -142,7 +142,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
 
         # Create
         ## default policy
-        data = dict(domain=None, perm_rrsets=True)
+        data = dict(domain=None, perm_write=True)
         response = self.client.create_policy(
             self.token, using=self.token_manage, data=data
         )
@@ -163,7 +163,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
         self.assertEqual(response.data, self.default_data | data)
 
         ## can't create policy for other user's domain
-        data = dict(domain=self.other_domain.name, perm_dyndns=True, perm_rrsets=True)
+        data = dict(domain=self.other_domain.name, perm_dyndns=True, perm_write=True)
         response = self.client.create_policy(
             self.token, using=self.token_manage, data=data
         )
@@ -200,7 +200,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
 
         # Change
         ## all fields of a policy
-        data = dict(domain=self.my_domains[1].name, perm_dyndns=False, perm_rrsets=True)
+        data = dict(domain=self.my_domains[1].name, perm_dyndns=False, perm_write=True)
         response = self.client.patch_policy(
             self.token,
             using=self.token_manage,
@@ -244,7 +244,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
             self.token, using=self.token_manage, domain=None, data=data
         )
         self.assertStatus(response, status.HTTP_200_OK)
-        self.assertEqual(response.data, {"domain": None, "perm_rrsets": True} | data)
+        self.assertEqual(response.data, {"domain": None, "perm_write": True} | data)
 
         # Delete
         ## can't delete default policy while others exist
@@ -318,7 +318,7 @@ class TokenDomainPolicyTestCase(DomainOwnerTestCase):
                     )
                 return responses
 
-            if perm == "perm_rrsets":
+            if perm == "perm_write":
                 url_detail = self.reverse("v1:rrset@", name=name, subname="", type="A")
                 url_list = self.reverse("v1:rrsets", name=name)
 

docs/auth/tokens.rst

@@ -321,7 +321,7 @@ A JSON object representing a token domain policy has the following structure::
     {
         "domain": "example.com",
         "perm_dyndns": false,
-        "perm_rrsets": true
+        "perm_write": true
     }
 
 Field details:
@@ -339,7 +339,7 @@ Field details:
     Indicates whether :ref:`dynDNS updates <update-api>` are allowed.
     Defaults to ``false``.
 
-``perm_rrsets``
+``perm_write``
     :Access mode: read, write
     :Type: boolean