Closed Frama-99 closed 3 years ago
This seems to have broken the API endpoint for users- Django raises the exception of "django.urls.exceptions.NoReverseMatch: Reverse for 'equipmentrequest-detail' not found. 'equipmentrequest-detail' is not a valid view function or pattern name." when trying to access the /api/v1/users/ endpoint.
My guess is that this is related to adding the "basename" argument to router.register in urls.py. Could you guys look into this?
This seems to have broken the API endpoint for users- Django raises the exception of "django.urls.exceptions.NoReverseMatch: Reverse for 'equipmentrequest-detail' not found. 'equipmentrequest-detail' is not a valid view function or pattern name." when trying to access the /api/v1/users/ endpoint.
My guess is that this is related to adding the "basename" argument to router.register in urls.py. Could you guys look into this?
This is resolved by changing the user viewset from a HyperlinkedModelViewset to a ModelViewset.
We also decided to add a new viewset and API endpoint exclusively for admin members to retrieve all equipment requests. Made this design decision because we want admin members to be able to make requests at the regular endpoint as well, not just see all requests.
Currently, the /api/v1/equipment-requests API endpoint returns a list of all current and past requests, regardless of the authenticated user. This works well for an administrator (who might want to see all the request), but isn't ideal for members. We don't want a member to have potential access to another member's equipment request. Therefore, we need to modify this endpoint so that
The filtering feature that Django REST Framework has is probably the easiest way to do this: https://www.django-rest-framework.org/api-guide/filtering/#filtering-against-the-current-user