From 3799a8b23aec055f5eafd31dee6b79601f6bfaa0 Mon Sep 17 00:00:00 2001
From: Luvpreet Singh <luvpreet.singh@vogo.in>
Date: Tue, 5 Feb 2019 19:18:31 +0530
Subject: [PATCH] feature(Secure API docs): added new flag to switch on/off the
 authentication needed to view the documentation of the APIs

---
 rest_framework/documentation.py | 15 +++++++++++----
 rest_framework/settings.py      |  3 +++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/rest_framework/documentation.py b/rest_framework/documentation.py
index 3a78bb341..e8058e833 100644
--- a/rest_framework/documentation.py
+++ b/rest_framework/documentation.py
@@ -1,4 +1,5 @@
 from django.conf.urls import include, url
+from django.contrib.auth.decorators import login_required
 
 from rest_framework.renderers import (
     CoreJSONRenderer, DocumentationRenderer, SchemaJSRenderer
@@ -77,8 +78,14 @@ def include_docs_urls(
         authentication_classes=authentication_classes,
         permission_classes=permission_classes,
     )
-    urls = [
-        url(r'^$', docs_view, name='docs-index'),
-        url(r'^schema.js$', schema_js_view, name='schema-js')
-    ]
+    if api_settings.SECURE_DOCS is False:
+        urls = [
+            url(r'^$', docs_view, name='docs-index'),
+            url(r'^schema.js$', schema_js_view, name='schema-js')
+        ]
+    else:
+        urls = [
+            url(r'^$', login_required(docs_view), name='docs-index'),
+            url(r'^schema.js$', login_required(schema_js_view), name='schema-js')
+        ]
     return include((urls, 'api-docs'), namespace='api-docs')
diff --git a/rest_framework/settings.py b/rest_framework/settings.py
index 8db9c81ed..b2ccb40f2 100644
--- a/rest_framework/settings.py
+++ b/rest_framework/settings.py
@@ -128,6 +128,9 @@ DEFAULTS = {
         'retrieve': 'read',
         'destroy': 'delete'
     },
+
+    # Documentation
+    'SECURE_DOCS': False
 }