You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add a "protected" attribute to the label model. Prevent events that include this label from creation, modification and deletion.
Implementation steps:
Add protected = BooleanField() to class Label(Document).
Add "protected": fields.Boolean to label_model in label_resources.py
The methods in event_resources.py query whether any labels are protected. If so, they abort with a 401 status.
There is probably a simple mongodb query (using aggregates?) to query all the labels in a list of strings, project their protected attributes, and compute the "or" of those values. Maybe there is also a way to express this in mongoengine.
This issue disables any modification to protected events. #239 re-enables access for administrators.
The text was updated successfully, but these errors were encountered:
osteele
changed the title
An unauthorized user must not be able to edit an event that is tagged with a protected tag
A client must not be able to edit an event that is tagged with a protected tag
May 3, 2018
osteele
changed the title
A client must not be able to edit an event that is tagged with a protected tag
A client must not be able to edit an event that is tagged with a protected label
May 7, 2018
Add a "protected" attribute to the label model. Prevent events that include this label from creation, modification and deletion.
Implementation steps:
protected = BooleanField()
to classLabel(Document)
."protected": fields.Boolean
tolabel_model
inlabel_resources.py
event_resources.py
query whether any labels are protected. If so, they abort with a 401 status.There is probably a simple mongodb query (using aggregates?) to query all the labels in a list of strings, project their
protected
attributes, and compute the "or" of those values. Maybe there is also a way to express this in mongoengine.This issue disables any modification to protected events. #239 re-enables access for administrators.
The text was updated successfully, but these errors were encountered: