Troubleshooting 403 errors with RetrieveUpdateDestroyAPIView that only happen on OpenShift

edivorce/apps/core/urls.py

@@ -7,7 +7,7 @@ urlpatterns = [
     # url(r'^guide$', styleguide.guide),
     url(r'^api/response$', api.UserResponseHandler.as_view()),
     url(r'^api/documents/$', api.DocumentCreateView.as_view(), name='documents'),
-    path('api/documents/<doc_type>/<int:party_code>/', api.DocumentMetaDataView.as_view(), name='documents-meta'),
+    # path('api/documents/<doc_type>/<int:party_code>/', api.DocumentMetaDataView.as_view(), name='documents-meta'),
     path('api/documents/<doc_type>/<int:party_code>/<int:size>/<filename>', api.DocumentView.as_view(), name='document'),
     path('api/documents/<file_key>/', api.get_document_file_by_key, name='document_by_key'),
 

edivorce/apps/core/views/api.py

@@ -60,24 +60,27 @@ class DocumentCreateView(CreateAPIView):
     queryset = Document.objects.all()
 
 
-class DocumentMetaDataView(ListAPIView):
-    serializer_class = DocumentMetadataSerializer
-    permission_classes = [permissions.IsAuthenticated]
-
-    def get_queryset(self):
-        doc_type = self.kwargs['doc_type']
-        party_code = self.kwargs['party_code']
-        return Document.objects.filter(doc_type=doc_type, party_code=party_code, bceid_user=self.request.user).order_by('sort_order')
+#class DocumentMetaDataView(ListAPIView):
+#    serializer_class = DocumentMetadataSerializer
+#    permission_classes = [permissions.IsAuthenticated]
+#
+#    def get_queryset(self):
+#        doc_type = self.kwargs['doc_type']
+#        party_code = self.kwargs['party_code']
+#        return Document.objects.filter(doc_type=doc_type, party_code=party_code, bceid_user=self.request.user).order_by('sort_order')
 
 
 class DocumentView(RetrieveUpdateDestroyAPIView):
     serializer_class = DocumentMetadataSerializer
-    permission_classes = [permissions.IsAuthenticated]
+    # permission_classes = [permissions.IsAuthenticated]
 
     def get_object(self):
         return Document.objects.get(bceid_user=self.request.user, **self.kwargs)
 
     def retrieve(self, request, *args, **kwargs):
+        if not self.request.user.is_authenticated:
+            return Response(status=status.HTTP_403_FORBIDDEN)
+
         """ Return the file instead of meta data """
         document = self.get_object()
         content_type = Document.content_type_from_filename(document.filename)