Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endpoint analyse/ fixed for read-only users #814

Merged
merged 3 commits into from
Jun 10, 2022
Merged

Endpoint analyse/ fixed for read-only users #814

merged 3 commits into from
Jun 10, 2022

Conversation

ishanExtreme
Copy link
Contributor

Issue Fixed

fixes #813

Updates

The bug is because analyze is a post request

//viewset/daily_round.py line 49
@action(methods=["POST"], detail=False)
    def analyse(self, request, **kwargs):

and DailyRound model doesn't allow POST,PUT,PATCH by read-only users

models/daily_round.py line 407  
@staticmethod
    def has_write_permission(request):
        if (
            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
        ):
            return False
        return DailyRound.has_read_permission(request)

So adding an exception to /analyze route fixed the issue, we are still checking has_read_permission() to identify whether user is of same facility or not...

Demo

Screenshot from 2022-06-03 17-15-07

@ishanExtreme ishanExtreme requested a review from a team as a code owner June 3, 2022 11:53
@ishanExtreme ishanExtreme reopened this Jun 6, 2022
vigneshhari
vigneshhari requested changes Jun 8, 2022
View reviewed changes
care/facility/models/daily_round.py Outdated Show resolved Hide resolved
@ishanExtreme
Copy link
Contributor Author

ishanExtreme commented Jun 10, 2022
edited
Loading

Screenshot from 2022-06-10 15-12-45

@vigneshhari changes done

vigneshhari
vigneshhari approved these changes Jun 10, 2022
View reviewed changes
Copy link
Member

@vigneshhari vigneshhari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, Needs Sec Review!

@vigneshhari vigneshhari merged commit 1e5e6fa into ohcnetwork:master Jun 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vigneshhari vigneshhari vigneshhari approved these changes

Assignees
No one assigned
Labels
waiting-for-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Endpoint /consultation/consultationId/daily_rounds/analyse/ giving error for read-only users
2 participants
@ishanExtreme @vigneshhari