Closed JeeveshGarg closed 2 years ago
With respect to parliamentContact:
- Able to create parliamentContact even though the
can_add_parliament_details
isfalse
- 1 user can have one designation only but I am able to create contact multiple times for the same user
parliamentSuggestion:
- The author of the post should be able to edit/delete his suggestion. And also the users with
can_add_parliament_details || can_add_notice
true should be able to edit/remove any suggestion.parliamentUpdates:
- The author of the post should be able to edit/delete his update. And the user with
can_add_parliament_details or can_add_notice
true should also be able to edit/remove any updates. Infact, I think only the users within parliament contacts list or the one withcan_add_parliament_details or can_add_notice
true should be able to post/put/patch/delete the updates. Upvote, downvote and GET queries are for all. What would be your suggestion on this? @Vikhyath08
follow this conversation, i have one more doubt, ig in create and delete/update suggestion,
CASE 1:
in create suggestion only permission needed is permissions.IsAuthenticated
. Because we should allow users to add suggestions(will be updated or delete by only contacts of parliament later if required).
CASE 2: (folllow case 1)
give permission to user made this suggestion
or can_add_parliament_details
or can_add_notice
(with OR operator) to edit/delete its own suggestion.
CC @nb9960 @try-catch-stack @Vikhyath08.
and @Vikhyath08 please clarify permissions. Thanks.
Infact, I think only the users within parliament contacts list or the one with
can_add_parliament_details or can_add_notice
true should be able to post/put/patch/delete the updates. Upvote, downvote and GET queries are for all. What would be your suggestion on this? @Vikhyath08
Yep, I agree with this. This is also the way the noticeboard has been implemented anyways, so it should work well. Also, the GET queries should be for all, while the upvote and downvote queries should only be for authenticated users.
CASE 1: in create suggestion only permission needed is
permissions.IsAuthenticated
. Because we should allow users to add suggestions(will be updated or delete by only contacts of parliament later if required).CASE 2: (folllow case 1) give permission to
user made this suggestion
orcan_add_parliament_details
orcan_add_notice
(with OR operator) to edit/delete its own suggestion.CC @nb9960 @try-catch-stack @Vikhyath08.
and @Vikhyath08 please clarify permissions. Thanks.
Your thinking in both cases is spot on!
Infact, I think only the users within parliament contacts list or the one with
can_add_parliament_details or can_add_notice
true should be able to post/put/patch/delete the updates. Upvote, downvote and GET queries are for all. What would be your suggestion on this? @Vikhyath08Yep, I agree with this. This is also the way the noticeboard has been implemented anyways, so it should work well. Also, the GET queries should be for all, while the upvote and downvote queries should only be for authenticated users.
Implemented the suggestions endpoints to retrieve a suggestion without authentication . Also the users with can_post_notice or can_add_parliament_details can not edit or delete a suggestion regardless of whether they have written that suggestion or not. Please review! Thank you
Good Work @try-catch-stack @JeeveshGarg, Merged!! :tada:
Add contacts, updates and suggestions as sub section of parliament.