Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resend_activation action uses password_reset permission from settings #761

Open
73VW opened this issue Sep 7, 2023 · 1 comment
Open

resend_activation action uses password_reset permission from settings #761

73VW opened this issue Sep 7, 2023 · 1 comment
Labels
help wanted

Comments

@73VW
Copy link

73VW commented Sep 7, 2023

Hello there,

As mentionned in the title of this issue, resend_activation action uses the password_reset permission from the settings:

    def get_permissions(self):
        ...
        elif self.action == "resend_activation":
            self.permission_classes = settings.PERMISSIONS.password_reset
        ...

What is the reason of this? In my opinion, it should use its own permession or at least the activation permission.

I can open a PR in order to fix this if needed.
@tomwojcik
Copy link
Contributor

On one hand both actions, resend_activation and password_reset, involve sending an email to the user to perform an action that changes the state of the user account (activating it or resetting its password). So imo it's not necessarily a bug.

On the other hand, your observation is valid. It does make sense to introduce this additional granularity, especially due to semantic reasons. All the other actions have the permissions named after them, respectively.

PR welcome.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomwojcik @73VW