As a Developer,
I want to ensure that only authenticated investors can subscribe to projects, so that the system is secure and follows proper authorization practices.
Technical Task:
Set up permissions:
Ensure the SubscriptionCreateView requires the user to be authenticated and that they have the investor role.
This can be done using DRF permissions and custom permission classes (e.g., IsInvestor).
Acceptance Criteria:
Only authenticated users with the investor role can access the subscription creation endpoint.
Unauthorized access is met with a 403 Forbidden error.
Implement Permissions for Investors
As a Developer,
I want to ensure that only authenticated investors can subscribe to projects,
so that the system is secure and follows proper authorization practices.
Technical Task:
SubscriptionCreateView
requires the user to be authenticated and that they have theinvestor
role.IsInvestor
).Acceptance Criteria:
investor
role can access the subscription creation endpoint.403 Forbidden
error.US #56