diff --git a/wagtail/contrib/wagtailapi/endpoints.py b/wagtail/contrib/wagtailapi/endpoints.py index 469691df6..3164ec62f 100644 --- a/wagtail/contrib/wagtailapi/endpoints.py +++ b/wagtail/contrib/wagtailapi/endpoints.py @@ -91,6 +91,9 @@ class BaseAPIEndpoint(GenericViewSet): return {'title'} def get_serializer_context(self): + """ + The serialization context differs between listing and detail views. + """ request = self.request if self.action == 'listing_view': return { diff --git a/wagtail/contrib/wagtailapi/filters.py b/wagtail/contrib/wagtailapi/filters.py index 633769864..d6c52cfa0 100644 --- a/wagtail/contrib/wagtailapi/filters.py +++ b/wagtail/contrib/wagtailapi/filters.py @@ -117,8 +117,13 @@ class ChildOfFilter(BaseFilterBackend): except (ValueError, AssertionError): raise BadRequestError("child_of must be a positive integer") + # Get live pages that are not in a private section + pages = Page.objects.public().live() + # Filter by site + pages = pages.descendant_of(request.site.root_page, inclusive=True) + try: - parent_page = view.get_queryset(request).get(id=parent_page_id) + parent_page = pages.get(id=parent_page_id) queryset = queryset.child_of(parent_page) queryset._filtered_by_child_of = True return queryset @@ -139,8 +144,13 @@ class DescendantOfFilter(BaseFilterBackend): except (ValueError, AssertionError): raise BadRequestError("descendant_of must be a positive integer") + # Get live pages that are not in a private section + pages = Page.objects.public().live() + # Filter by site + pages = pages.descendant_of(request.site.root_page, inclusive=True) + try: - ancestor_page = view.get_queryset(request).get(id=ancestor_page_id) + ancestor_page = pages.get(id=ancestor_page_id) return queryset.descendant_of(ancestor_page) except Page.DoesNotExist: raise BadRequestError("ancestor page doesn't exist")