Skip to content

ProfileAvatar doesn't specify permissions #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LilyFirefly merged 7 commits into from
Oct 28, 2014
Merged

ProfileAvatar doesn't specify permissions #74

LilyFirefly merged 7 commits into from
Oct 28, 2014

Conversation

@SemVerTsar
Copy link
Contributor

@SemVerTsar SemVerTsar commented Oct 28, 2014

ProfileAvatar doesn't set permission_classes. This should use IsAuthenticated to avoid the possibility of misconfiguration.

@LilyFirefly
Copy link
Author

LilyFirefly commented Oct 24, 2014

@meshy @nologo As we discussed.

@meshy
Copy link
Contributor

meshy commented Oct 24, 2014

👍

@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 28, 2014

Review Please? Yes I'm aware of the typo in the branch name.

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling 8db59a2 on profile-avatat-perm into b94a288 on master.

LilyFirefly
LilyFirefly reviewed Oct 28, 2014
View reviewed changes
user_management/api/avatar/tests/test_views.py Outdated
Copy link

@LilyFirefly LilyFirefly Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you setting request.user for an unauthenticated request?

LilyFirefly
LilyFirefly reviewed Oct 28, 2014
View reviewed changes
user_management/api/avatar/views.py Outdated
Copy link

@LilyFirefly LilyFirefly Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think IsAuthenticatedOrReadOnly is necessary.

Copy link
Contributor Author

@SemVerTsar SemVerTsar Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The avatar will need to be gotten by unauthenticated users, so I think IsAuthenticatedOrReadOnly is correct.

Copy link

@LilyFirefly LilyFirefly Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's what the UserAvatar view is for I think.

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling f1501a9 on profile-avatat-perm into b94a288 on master.

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling f3c632c on profile-avatat-perm into b94a288 on master.

LilyFirefly
LilyFirefly reviewed Oct 28, 2014
View reviewed changes
user_management/api/avatar/tests/test_views.py Outdated
Copy link

@LilyFirefly LilyFirefly Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't care about this user any more.

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling 4c51b3f on profile-avatat-perm into b94a288 on master.

LilyFirefly
LilyFirefly reviewed Oct 28, 2014
View reviewed changes
user_management/api/avatar/tests/test_views.py Outdated
Copy link

@LilyFirefly LilyFirefly Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

avatars.

Copy link

@LilyFirefly LilyFirefly Oct 28, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're not actually testing post here.

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling 3e62254 on profile-avatat-perm into b94a288 on master.

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling 70fa00b on profile-avatat-perm into b94a288 on master.

@SemVerTsar
Copy link
Contributor

SemVerTsar commented Oct 28, 2014

@ian-foote That should do it

@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling f4a30e3 on profile-avatat-perm into b94a288 on master.

1 similar comment
@coveralls
Copy link

coveralls commented Oct 28, 2014

Coverage Status

Coverage remained the same when pulling f4a30e3 on profile-avatat-perm into b94a288 on master.

LilyFirefly pushed a commit that referenced this pull request Oct 28, 2014
Merge pull request #74 from incuna/profile-avatat-perm
2a610b9 
ProfileAvatar doesn't specify permissions
@LilyFirefly LilyFirefly merged commit 2a610b9 into master Oct 28, 2014
@LilyFirefly LilyFirefly deleted the profile-avatat-perm branch October 28, 2014 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@SemVerTsar @LilyFirefly @meshy @coveralls