Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PS-160: require superuser or official for event put delete #165

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

PS-160: require superuser or official for event put delete #165

wants to merge 4 commits into from

Conversation

danipran
Copy link
Contributor

@danipran danipran commented Nov 22, 2024
edited
Loading

⚠️ NOTE: DO NOT MERGE BEFORE THE FRONT-END COUNTERPART IS DONE ⚠️

Require superuser or official status for event view put/delete. This itself is a breaking change, but this also changes the response code for unauthenticated requests/requests with insufficient permissions to 401/403 (from 404).

Also refactor the tests a bit.

@danipran danipran requested a review from a team November 22, 2024 13:21
@danipran
Copy link
Contributor Author

Need to add cases for patching (contractors should be allowed to PATCH event state).

@danipran danipran marked this pull request as draft November 22, 2024 13:45
@danipran danipran marked this pull request as ready for review November 27, 2024 13:26
@danipran danipran force-pushed the PS-160/require-superuser-official-for-event-put-delete branch from dcd2519 to 7372ce3 Compare November 27, 2024 14:03
@terovirtanen
Copy link
Contributor

PUISTOTALKOOT-API branch is deployed to platta: https://puistotalkoot-pr165.api.dev.hel.ninja 🚀🚀🚀

voneiden
voneiden approved these changes Nov 28, 2024
View reviewed changes
Copy link

@voneiden voneiden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, the use of generic permission logic is pleasing to the eye.

@danipran danipran mentioned this pull request Dec 2, 2024
Merged
@danipran
feat(events): add new permission classes
b3c9153 
ReadOnly, IsOfficial and IsSuperUser

Refs: PS-160, PS-159
@danipran
feat(events)!: require superuser/official status for event put/delete
a937841 
BREAKING CHANGE: event view responds with 403/401 instead of 404
if the request has insufficient permissions or tries to access
an endpoint that requires authentication
BREAKING CHANGE: event update & delete requires superuser or official
status (i.e. contractor cannot modify or delete their own events
anymore)

Refs: PS-160, PS-159
@danipran
feat: add permission for allowing state patching
8ae11a2 
Refs: PS-160, PS-159
@danipran
feat: allow authenticated users to patch event state
c871710 
Refs: PS-160, PS-159
@danipran danipran force-pushed the PS-160/require-superuser-official-for-event-put-delete branch from 7372ce3 to c871710 Compare December 3, 2024 09:04
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Dec 3, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@terovirtanen
Copy link
Contributor

PUISTOTALKOOT-API branch is deployed to platta: https://puistotalkoot-pr165.api.dev.hel.ninja 🚀🚀🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@voneiden voneiden voneiden approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@danipran @terovirtanen @voneiden