Fix broken api for non-GET requests

Summary:
- Removes DjangoModelPermissions from the settings template.
DjangoModelPermissions is not needed since the user actions are
validated based on their organization allowed peers. There is no other
permission model/group. DjangoModelPermissions rendered the non-GET
actions unusable until now in the api (only admins could make such
actions) whereas in the views, such actions were allowed
(because the view used django forms instead of api callbacks)
- Downgrades djangorestframework version to solve #1850 drf bug with
pickling and caching. Bug was solved after version 3.0.4 which until now
is not tested, so it's safer to downgrade. More info about the bug:
encode/django-rest-framework#1850
- Fix documentation example for `then` rule
- Adds PENDING in allowed Route statuses since the rules are applied
asynchronously and this means that until applied, the Route will have to
be in PENDING status. This was stated in commit
11171aa message but was not implemented

Reviewers: #developers, zmousm

Reviewed By: #developers, zmousm

Subscribers: zmousm, #developers

Differential Revision: https://phab.noc.grnet.gr/D5182

Author: ioparaskev

doc/api.md

@@ -268,7 +268,7 @@ existing) since we need it's `id`. Let's assume a `ThenAction` with an `id` of
 `4` exists. To create a new `Route` with this `ThenAction`:
 
 ```
-curl -X POST https://fod.example.com/api/routes/ -F "source=62.217.45.75/32" -F "destination=62.217.45.91/32" -F "name=testroute" -F "comments=Route for testing" -F "then=https://fod.example.com/api/thenactions/4" -H "Authorization: Token <your-token>"
+curl -X POST -H "Content-Type: application/json" -H "Authorization: Token <your-token>" https://fod.staging.grnet.gr/api/routes/ -d '{"source":"62.217.45.75/32", "destination":"62.217.45.91/32", "name":"testroute", "then":["https://fod.staging.grnet.gr/api/thenactions/4/"]}'
 
 {
     "name":"testroute_9Q5Y90",

flowspec/validators.py

@@ -5,7 +5,6 @@
 from django.utils.translation import ugettext as _
 from peers.models import PeerRange, Peer
 from flowspec.models import Route
-from django.core.urlresolvers import reverse
 
 
 def get_network(ip):
@@ -31,8 +30,6 @@ def clean_ip(address):
 def clean_status(status):
     """
     Verifies the `status` of a `Route` is valid.
-    Only allows `ACTIVE` / `INACTIVE` states since the rest should be
-    assigned from the application
 
     :param status: the status of a `Route`
     :type status: str
@@ -41,7 +38,7 @@ def clean_status(status):
     :rtype: str
     """
 
-    allowed_states = ['ACTIVE', 'INACTIVE']
+    allowed_states = ['ACTIVE', 'INACTIVE', 'PENDING']
 
     if status not in allowed_states:
         return _('Invalid status value. You are allowed to use "{}".'.format(

flowspy/settings.py.dist

@@ -309,7 +309,6 @@ REST_FRAMEWORK = {
         'rest_framework.renderers.JSONRenderer',
     ),
     'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.DjangoModelPermissions',
         'rest_framework.permissions.IsAuthenticated'
     ]
 }

requirements.txt

@@ -3,7 +3,7 @@ pyyaml==3.11
 celery==3.1.23
 django-registration==2.0.4
 django-tinymce==1.5.3
-djangorestframework==2.4.3
+djangorestframework==2.3.14
 gevent==0.13.6
 greenlet==0.4.11
 ncclient==0.5.3