
feat: enhance permissions for workplace and academic supervisors in U… #230

Merged
Joshkovu merged 2 commits into main from fix/Unknown-intern on May 1, 2026

Conversation

@kdujordan (Collaborator)

…serDetailView

@kdujordan kdujordan requested a review from Joshkovu as a code owner May 1, 2026 15:43
@coderabbitai

coderabbitai Bot commented May 1, 2026

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Free

Run ID: bad5c11d-ec1b-473e-b9d9-d7b8d1dcd35d

📥 Commits

Reviewing files that changed from the base of the PR and between c3d6c2a and 17b5c44.

📒 Files selected for processing (1)
  • logify-backend/apps/accounts/views.py

Summary by CodeRabbit

  • Improvements
    • Strengthened supervisor access controls for viewing user details: workplace and academic supervisors are now explicitly verified and may only view information for interns they supervise. Unauthorized attempts are denied with supervisor-specific responses to prevent inadvertent data exposure.

Walkthrough

UserDetailView.get_object now enforces supervisor-specific access: WORKPLACE_SUPERVISOR and ACADEMIC_SUPERVISOR may view a target user only when an InternshipPlacements record links the supervisor to that intern; otherwise access is denied with a role-specific PermissionDenied.

Changes

Cohort / File(s): Supervisor Access Control (logify-backend/apps/accounts/views.py)
Summary: Added early role-specific authorization in UserDetailView.get_object that checks InternshipPlacements assignments for WORKPLACE_SUPERVISOR and ACADEMIC_SUPERVISOR and raises role-specific PermissionDenied when no assignment exists.

Sequence Diagram(s)

sequenceDiagram
    participant Requester as Requester (supervisor)
    participant View as UserDetailView
    participant DB as InternshipPlacements DB
    participant Target as Target User

    Requester->>View: GET /users/{id}
    View->>DB: query placement where intern=Target and (workplace_supervisor=Requester OR academic_supervisor=Requester)
    alt placement found
        View->>Target: return user object
        View-->>Requester: 200 OK (user data)
    else no placement
        View-->>Requester: 403 PermissionDenied (role-specific message)
    end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 I hopped through lines of code today,
Checked who may look and who must stay,
If the placement ties are true and bright,
I let them glimpse — else lock it tight! 🔐


Note

🎁 Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login.

Review rate limit: 1/3 review remaining, refill in 34 minutes and 43 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.
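The walkthrough and sequence diagram above describe an object-level authorization check. The following is an added, framework-free rendition of that check (not the project's own views.py, which is not shown on this page): the role constants and the InternshipPlacements model are taken from the walkthrough, while the field names, the User/PermissionDenied stand-ins and the sample placements are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

WORKPLACE_SUPERVISOR = "WORKPLACE_SUPERVISOR"
ACADEMIC_SUPERVISOR = "ACADEMIC_SUPERVISOR"
INTERN = "INTERN"


class PermissionDenied(Exception):
    """Stand-in for DRF's PermissionDenied (hypothetical, so the example runs without Django)."""


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass(frozen=True)
class InternshipPlacement:
    # Field names are assumptions; the page only names the InternshipPlacements model.
    intern_id: int
    workplace_supervisor_id: Optional[int] = None
    academic_supervisor_id: Optional[int] = None


def supervises(requester: User, target: User, placements: Iterable[InternshipPlacement]) -> bool:
    """True only if a placement links THIS requester, in THEIR role, to THIS intern.
    Filtering on both intern and supervisor is what closes the by-id data exposure:
    testing only 'requester is a supervisor' would let any supervisor read any user."""
    for p in placements:
        if p.intern_id != target.id:
            continue
        if requester.role == WORKPLACE_SUPERVISOR and p.workplace_supervisor_id == requester.id:
            return True
        if requester.role == ACADEMIC_SUPERVISOR and p.academic_supervisor_id == requester.id:
            return True
    return False


def get_object(requester: User, target: User, placements: Iterable[InternshipPlacement]) -> User:
    """Early, role-specific gate: supervisors get the target only for interns they supervise.
    Other roles fall through to the view's existing permission logic (not modelled here)."""
    if requester.role in (WORKPLACE_SUPERVISOR, ACADEMIC_SUPERVISOR):
        if not supervises(requester, target, placements):
            raise PermissionDenied(f"{requester.role} may only view interns assigned to them.")
    return target


def is_denied(requester: User, target: User, placements: Iterable[InternshipPlacement]) -> bool:
    """Helper for callers/tests: True if get_object refuses the request."""
    try:
        get_object(requester, target, placements)
    except PermissionDenied:
        return True
    return False


# Constructed sample data: intern 10 has both supervisors; intern 11 has only a workplace one.
SAMPLE_PLACEMENTS = [
    InternshipPlacement(intern_id=10, workplace_supervisor_id=1, academic_supervisor_id=2),
    InternshipPlacement(intern_id=11, workplace_supervisor_id=3),
]
```

The role-scoped match (a workplace supervisor must appear in the workplace_supervisor field, not merely in any supervisor field) is one reading of the walkthrough's "role-specific" check; the sequence diagram's OR over both fields is the other, and which one the project uses is not visible on this page.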

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented May 1, 2026

Deploying logify-frontend with Cloudflare Pages

Latest commit: 17b5c44
Status: ✅ Deploy successful!
Preview URL: https://649ba184.logify-frontend.pages.dev
Branch Preview URL: https://fix-unknown-intern.logify-frontend.pages.dev


@Joshkovu (Owner) left a comment


Good 👍

@Joshkovu Joshkovu merged commit 0613e04 into main May 1, 2026
7 checks passed