Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent users who are not granted updated privileges through roles for a table from updating that table #56

Closed
2 tasks
fyliu opened this issue May 30, 2024 · 0 comments
Closed
2 tasks

Prevent users who are not granted updated privileges through roles for a table from updating that table #56

fyliu opened this issue May 30, 2024 · 0 comments

Comments

@fyliu
Copy link
Owner

fyliu commented May 30, 2024

Overview

As a user I want only authorized users to update information so that the information is accurate.

Solution

  • Sample code for preventing unauthorized updates
    if not request.user.has_perm('core.change_practice_area'):
        # If the user doesn't have permission, return forbidden response
       return HttpResponseForbidden("You don't have permission to update practice area.")

Similar code can be written for creating and deleting.

Action Items

  • Implement code
  • Write tests
@fyliu fyliu closed this as completed May 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fyliu