Fetch routes do not limit number of items for non-admin users #276
Labels
type: fix
Something isn't working
Comments
blenzi
pushed a commit
that referenced
this issue
Aug 7, 2023
- add limit and offset parameters with descriptions, to all routes that fetch lists from db (fix #243, #250) - use crud.fetch_all in all the routes above, to limit the number of items returned for non-admin users (fix #276) - forbid /installation/site-devices to access site outside of group, instead of filtering devices - improve test_installations.py (test_get_active_devices_on_site) - Dockerfile-dev: update FROM image name
|
Indeed, that's a mistake but that's specific to this route because we don't use a crud function here. Hopefully, not too many routes are affected, thanks for spotting it! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The routes that fetch objects from the db behave differently for admin and non-admin users. For admin, they are limited to 50 items while for non-admin users all the items are returned. For example: https://github.com/pyronear/pyro-api/blob/main/src/app/api/endpoints/alerts.py#L135
The text was updated successfully, but these errors were encountered: