search

IIT-BHU-InstiApp / lite-hai-backend

https://lite-hai.copsiitbhu.co.in/
13 stars 20 forks source link

Add Parliament end points #114

Closed JeeveshGarg closed 2 years ago

JeeveshGarg commented 2 years ago

Add contacts, updates and suggestions as sub section of parliament.

JeeveshGarg commented 2 years ago

With respect to parliamentContact:

  • Able to create parliamentContact even though the can_add_parliament_details is false
  • 1 user can have one designation only but I am able to create contact multiple times for the same user

parliamentSuggestion:

  • The author of the post should be able to edit/delete his suggestion. And also the users with can_add_parliament_details || can_add_notice true should be able to edit/remove any suggestion.

parliamentUpdates:

  • The author of the post should be able to edit/delete his update. And the user with can_add_parliament_details or can_add_notice true should also be able to edit/remove any updates. Infact, I think only the users within parliament contacts list or the one with can_add_parliament_details or can_add_notice true should be able to post/put/patch/delete the updates. Upvote, downvote and GET queries are for all. What would be your suggestion on this? @Vikhyath08

follow this conversation, i have one more doubt, ig in create and delete/update suggestion,

CASE 1: in create suggestion only permission needed is permissions.IsAuthenticated. Because we should allow users to add suggestions(will be updated or delete by only contacts of parliament later if required).

CASE 2: (folllow case 1) give permission to user made this suggestion or can_add_parliament_details or can_add_notice (with OR operator) to edit/delete its own suggestion.

CC @nb9960 @try-catch-stack @Vikhyath08.

and @Vikhyath08 please clarify permissions. Thanks.

Vikhyath08 commented 2 years ago

Infact, I think only the users within parliament contacts list or the one with can_add_parliament_details or can_add_notice true should be able to post/put/patch/delete the updates. Upvote, downvote and GET queries are for all. What would be your suggestion on this? @Vikhyath08

Yep, I agree with this. This is also the way the noticeboard has been implemented anyways, so it should work well. Also, the GET queries should be for all, while the upvote and downvote queries should only be for authenticated users.

Vikhyath08 commented 2 years ago

CASE 1: in create suggestion only permission needed is permissions.IsAuthenticated. Because we should allow users to add suggestions(will be updated or delete by only contacts of parliament later if required).

CASE 2: (folllow case 1) give permission to user made this suggestion or can_add_parliament_details or can_add_notice (with OR operator) to edit/delete its own suggestion.

CC @nb9960 @try-catch-stack @Vikhyath08.

and @Vikhyath08 please clarify permissions. Thanks.

Your thinking in both cases is spot on!

try-catch-stack commented 2 years ago

Infact, I think only the users within parliament contacts list or the one with can_add_parliament_details or can_add_notice true should be able to post/put/patch/delete the updates. Upvote, downvote and GET queries are for all. What would be your suggestion on this? @Vikhyath08

Yep, I agree with this. This is also the way the noticeboard has been implemented anyways, so it should work well. Also, the GET queries should be for all, while the upvote and downvote queries should only be for authenticated users.

Implemented the suggestions endpoints to retrieve a suggestion without authentication . Also the users with can_post_notice or can_add_parliament_details can not edit or delete a suggestion regardless of whether they have written that suggestion or not. Please review! Thank you

nb9960 commented 2 years ago

Good Work @try-catch-stack @JeeveshGarg, Merged!! :tada: