!refactor(backend): remove API quirks (#11723)

* move action to post endpoint * use default return code * remove custom permissions on notifications endpoint * add api bump * update link * fix assertation * fix test to use post - this was refactored
2026-04-21 02:30:48 +00:00 · 2026-04-13 02:31:08 +02:00
parent fc06aa354a
commit 27ce60dea3
6 changed files with 14 additions and 22 deletions
--- a/src/backend/InvenTree/InvenTree/api_version.py
+++ b/src/backend/InvenTree/InvenTree/api_version.py
@@ -1,11 +1,16 @@
 """InvenTree API version information."""

 # InvenTree API version
-INVENTREE_API_VERSION = 478
+INVENTREE_API_VERSION = 479
 """Increment this API version number whenever there is a significant change to the API that any clients need to know about."""

 INVENTREE_API_TEXT = """

+v479 -> 2026-04-11 : https://github.com/inventree/InvenTree/pull/11723
+    - POST /api//notifications/readall/ now requires a POST action
+    - POST /api/admin/email/test/ - now returns a 200 on. a successful test
+    - GET /api/notifications/ - now uses user-centric permissions, not a general read
+
 v478 -> 2026-04-11 : https://github.com/inventree/InvenTree/pull/11073
    - Add OptionalField class for cleaner handling of optional fields in serializers

--- a/src/backend/InvenTree/common/api.py
+++ b/src/backend/InvenTree/common/api.py
@@ -395,21 +395,8 @@ class NotificationMessageViewSet(
        queryset = queryset.filter(user=request.user)
        return queryset

-    def get_permissions(self):
-        """Override permissions for list view."""
-        if self.action == 'list':
-            return [IsAuthenticatedOrReadScope()]
-        else:
-            return super().get_permissions()
-
-    def list(self, request, *args, **kwargs):
-        """List view for all notifications of the current user."""
-        # TODO @matmair permissions for this are currently being overwritten in get_permissions - this should be moved to a dedicated endpoint
-        return super().list(request, *args, **kwargs)
-
-    # TODO @matmair this should really be a POST
    @action(
-        detail=False, methods=['get'], permission_classes=[IsAuthenticatedOrReadScope]
+        detail=False, methods=['post'], permission_classes=[IsAuthenticatedOrReadScope]
    )
    def readall(self, request, *args, **kwargs):
        """Set all messages for the current user as read."""
@@ -1248,7 +1235,6 @@ class EmailViewSet(BulkDeleteViewsetMixin, RetrieveDestroyModelViewSet):
        'thread_id_key',
    ]

-    @extend_schema(responses={201: common.serializers.TestEmailSerializer})
    @action(
        detail=False,
        methods=['post'],
@@ -1270,8 +1256,7 @@ class EmailViewSet(BulkDeleteViewsetMixin, RetrieveDestroyModelViewSet):
            raise serializers.ValidationError(
                detail=f'Failed to send test email: "{reason}"'
            )  # pragma: no cover
-        # TODO @matmair - breaking change: this should be a 200
-        return Response(serializer.data, status=201)
+        return Response(serializer.data)


 admin_router.register('email', EmailViewSet, basename='api-email')
--- a/src/backend/InvenTree/common/test_emails.py
+++ b/src/backend/InvenTree/common/test_emails.py
@@ -103,7 +103,9 @@ class EmailTests(InvenTreeAPITestCase):
    )
    def test_email_api(self):
        """Test that the email api endpoints work."""
-        self.post(reverse('api-email-test'), {'email': 'test@example.org'})
+        self.post(
+            reverse('api-email-test'), {'email': 'test@example.org'}, expected_code=200
+        )

        response = self.get(reverse('api-email-list'), expected_code=200)
        self.assertIn('subject', response.data[0])
--- a/src/backend/InvenTree/common/tests.py
+++ b/src/backend/InvenTree/common/tests.py
@@ -1332,7 +1332,7 @@ class NotificationTest(InvenTreeAPITestCase):
        self.assertEqual(len(self.get(url, expected_code=200).data), 1)

        # Read with readall endpoint
-        self.get(reverse('api-notifications-readall'), {}, expected_code=200)
+        self.post(reverse('api-notifications-readall'), {}, expected_code=200)

        self.assertEqual(NotificationMessage.objects.filter(read=True).count(), 1)
        self.assertEqual(len(self.get(url, expected_code=200).data), 1)
--- a/src/frontend/src/components/nav/NotificationDrawer.tsx
+++ b/src/frontend/src/components/nav/NotificationDrawer.tsx
@@ -137,7 +137,7 @@ export function NotificationDrawer({

  const markAllAsRead = useCallback(() => {
    api
-      .get(apiUrl(ApiEndpoints.notifications_readall), {
+      .post(apiUrl(ApiEndpoints.notifications_readall), {
        params: {
          read: false
        }
--- a/src/frontend/src/pages/Notifications.tsx
+++ b/src/frontend/src/pages/Notifications.tsx
@@ -26,7 +26,7 @@ export default function NotificationsPage() {

  const markAllAsRead = useCallback(() => {
    api
-      .get(apiUrl(ApiEndpoints.notifications_readall), {
+      .post(apiUrl(ApiEndpoints.notifications_readall), {
        params: {
          read: false
        }