Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endpoint analyse/ fixed for read-only users #817

Closed
wants to merge 4 commits into from
Closed

Endpoint analyse/ fixed for read-only users #817

wants to merge 4 commits into from

Conversation

ishanExtreme
Copy link
Contributor

Issue Fixed

fixes #813

Updates

The bug is because analyze is a post request

//viewset/daily_round.py line 49
@action(methods=["POST"], detail=False)
    def analyse(self, request, **kwargs):

and DailyRound model doesn't allow POST,PUT,PATCH by read-only users

models/daily_round.py line 407  
@staticmethod
    def has_write_permission(request):
        if (
            request.user.user_type == User.TYPE_VALUE_MAP["DistrictReadOnlyAdmin"]
            or request.user.user_type == User.TYPE_VALUE_MAP["StateReadOnlyAdmin"]
            or request.user.user_type == User.TYPE_VALUE_MAP["StaffReadOnly"]
        ):
            return False
        return DailyRound.has_read_permission(request)

Converting analyze endpoint to GET request fixed the issue

Demo

Screenshot from 2022-06-04 13-55-55

@ishanExtreme ishanExtreme requested a review from a team as a code owner June 4, 2022 08:31
@ishanExtreme ishanExtreme requested a review from sainak June 4, 2022 08:31
sainak
sainak requested changes Jun 4, 2022
View reviewed changes
care/facility/api/viewsets/daily_round.py Outdated Show resolved Hide resolved
care/facility/api/viewsets/daily_round.py Outdated Show resolved Hide resolved
care/facility/api/viewsets/daily_round.py Outdated Show resolved Hide resolved
care/facility/api/viewsets/daily_round.py Outdated Show resolved Hide resolved
sainak
sainak requested changes Jun 4, 2022
View reviewed changes
care/facility/api/viewsets/daily_round.py Outdated Show resolved Hide resolved
@sainak sainak self-requested a review June 4, 2022 11:26
sainak
sainak approved these changes Jun 4, 2022
View reviewed changes
Copy link
Member

@sainak sainak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sainak sainak requested a review from vigneshhari June 4, 2022 11:28
@ishanExtreme
Copy link
Contributor Author

Once approved I will make a PR at frontend to change endpoint to GET. So these PR at frontend and backend can be merged at same time @vigneshhari

@ishanExtreme ishanExtreme mentioned this pull request Jun 5, 2022
Closed
vigneshhari
vigneshhari requested changes Jun 6, 2022
View reviewed changes
care/facility/api/viewsets/daily_round.py
@@ -45,22 +45,20 @@ def get_serializer(self, *args, **kwargs):
).id
return super().get_serializer(*args, **kwargs)

@action(methods=["POST"], detail=False)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This endpoint should only be performed over POST to ensure that the filters do not exceed the max allowed character limit in GET, change the permission instead of the HTTP method, which means no changes in FE as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vigneshhari vigneshhari vigneshhari requested changes

@Marmik2003 Marmik2003 Marmik2003 approved these changes

@sainak sainak sainak approved these changes

Assignees
No one assigned
Labels
waiting-for-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Endpoint /consultation/consultationId/daily_rounds/analyse/ giving error for read-only users
4 participants
@ishanExtreme @vigneshhari @Marmik2003 @sainak