Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent users who are not granted updated privileges through roles for a table from updating that table #264

Closed
2 tasks
ethanstrominger opened this issue Feb 28, 2024 · 0 comments
Closed
2 tasks

Prevent users who are not granted updated privileges through roles for a table from updating that table #264

ethanstrominger opened this issue Feb 28, 2024 · 0 comments
Labels
complexity: missing ethan feature: missing role: missing size: missing stakeholder: missing

Comments

@ethanstrominger
Copy link
Member

Overview

As a user I want only authorized users to update information so that the information is accurate.

Solution

  • Sample code for preventing unauthorized updates
    if not request.user.has_perm('core.change_practice_area'):
        # If the user doesn't have permission, return forbidden response
       return HttpResponseForbidden("You don't have permission to update practice area.")

Similar code can be written for creating and deleting.

Action Items

  • Implement code
  • Write tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
complexity: missing ethan feature: missing role: missing size: missing stakeholder: missing
Projects
P: PD: Project Board
Status: ✅Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ethanstrominger @ExperimentsInHonesty