Permissions for recruitmentapplicationforapplicantview #1860
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e owner of the application to read or updated. Any authenticated user can update. Overrides destroy, partial_update and create to dissalow DELETE, PATCH and POST. Creating an application uses PUT.
Mathias-a
requested changes
Apr 24, 2025
There was a problem hiding this comment.
Se docs eksempel
https://www.django-rest-framework.org/api-guide/viewsets/
Mathias-a
reviewed
Apr 24, 2025
Comment on lines
+344
to
+355
| def destroy(self, request: Request, *args: tuple, **kwargs: dict[str, Any]) -> Response: | ||
| """Override destroy method to disallow deletion""" | ||
| return Response({'detail': 'DELETE operation not allowed.'}, status=status.HTTP_405_METHOD_NOT_ALLOWED) | ||
|
|
||
| def partial_update(self, request: Request, *args: tuple, **kwargs: dict[str, Any]) -> Response: | ||
| """Override partial_update method to disallow PATCH requests""" | ||
| return Response({'detail': 'PATCH operation not allowed.'}, status=status.HTTP_405_METHOD_NOT_ALLOWED) | ||
|
|
||
| def create(self, request: Request, *args: tuple, **kwargs: dict[str, Any]) -> Response: | ||
| """Override create method to disallow POST requests""" | ||
| # We only PUT; in the update method contains logic for saving a new application | ||
| return Response({'detail': 'POST operation not allowed.'}, status=status.HTTP_405_METHOD_NOT_ALLOWED) |
There was a problem hiding this comment.
TL;DR: dette bør ikke være nødvendig
There was a problem hiding this comment.
To much vibecode, will fix
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No permissions needed, just filter queryset by authenticated user.
Refactors RecruitmentApplicationForApplicantView to only allow for the owner of the application to read or updated. Any authenticated user can update.
Overrides destroy, partial_update and create to dissalow DELETE, PATCH and POST.
Creating an application uses PUT.
Overrides DRFs' get_queryset to only return applications created by the authenticated user.
💡 Kind of unrelated: deleted a duplicate API function in api.ts, we had two for the same endpoint and HTTP method, but only one was in use.
close #1723