Restrict access to user field #5194
Codecov Report
@@ Coverage Diff @@
## master #5194 +/- ##
=========================================
- Coverage 91.81% 91.8% -0.02%
=========================================
Files 270 270
Lines 17503 17540 +37
Branches 1516 1523 +7
=========================================
+ Hits 16071 16102 +31
- Misses 1037 1040 +3
- Partials 395 398 +3
Continue to review full report at Codecov.
Here is the report for 8424bfd (maarcingebala/saleor @ restrict-user-access). No differences were found.
# api.benchmark checkout
test name left count right count duplicate count
------------------------------------------- ----------- ----------- ---------------
add billing address to checkout 34 34 20
add shipping to checkout 7 7 0
checkout payment charge 10 10 0
complete checkout 8 8 0
create checkout 5 5 1
# api.benchmark homepage
test name left count right count duplicate count
------------------------------------------- ----------- ----------- ---------------
retrieve main menu 5 5 0
retrieve product list 4 4 0
retrieve secondary menu 5 5 0
retrieve shop 2 2 0
# api.benchmark product
test name left count right count duplicate count
------------------------------------------- ----------- ----------- ---------------
product details 18 18 4
retrieve product attributes 9 9 0
# api.benchmark variant
test name left count right count duplicate count
------------------------------------------- ----------- ----------- ---------------
product variant bulk create 51 51 3
retrieve variant list 23 23 9
# api product sorting attributes
test name left count right count duplicate count
------------------------------------------- ----------- ----------- ---------------
sort product not having attribute data 21 21 0

It would be great to have more test cases where access is denied.

This PR adds permission checks to all `User` fields to make sure that we return it only for staff users with proper permissions or for authenticated users fetching their own data.

Pull Request Checklist
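
The rule this PR describes (a `User` is returned only to staff with the proper permission or to the authenticated user it belongs to), as an added Python example that is not Saleor's code. `Requester`, `owner_or_staff_with`, `can_see` and the `manage_users` codename are assumptions made for illustration.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Optional

MANAGE_USERS = "manage_users"  # assumed permission codename, not taken from the page


class PermissionDenied(Exception):
    """Raised when the requester may not see the User object."""


@dataclass(frozen=True)
class Requester:  # hypothetical stand-in for the request's user
    id: Optional[int] = None  # None means anonymous
    is_staff: bool = False
    permissions: frozenset = frozenset()


@dataclass
class User:
    id: int
    email: str


def owner_or_staff_with(permission):
    """Guard a resolver whose first argument is the User it would return."""
    def decorator(resolver):
        @wraps(resolver)
        def wrapper(user, requester, *args, **kwargs):
            is_owner = requester.id is not None and requester.id == user.id
            # Both conditions are required: the staff flag alone is not enough,
            # and a permission held by a non-staff account is not enough either.
            is_allowed_staff = requester.is_staff and permission in requester.permissions
            if not (is_owner or is_allowed_staff):
                raise PermissionDenied("requester may not access this user")
            return resolver(user, requester, *args, **kwargs)
        return wrapper
    return decorator


@owner_or_staff_with(MANAGE_USERS)
def resolve_user(user, requester):
    return user


def can_see(user, requester):
    """Return True when the guarded resolver hands the User back."""
    try:
        return resolve_user(user, requester) is user
    except PermissionDenied:
        return False
```

The denied cases worth covering in tests are the anonymous requester, another customer, staff without the permission, and a non-staff account that holds the permission.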