eadwinCode / django-ninja-extra

Django Ninja Extra - Class-Based Utility and more for Django Ninja(Fast Django REST framework)
https://eadwincode.github.io/django-ninja-extra/
MIT License
386 stars 31 forks

Check Schema Validation first before check permissions. #192

Open Elixir-MeetThoriya opened 1 week ago

Elixir-MeetThoriya commented 1 week ago
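
```python
from http import HTTPStatus

from ninja import Schema
from ninja_extra import http_post
from pydantic import model_validator

# login_required, check_user_password, SuccessSchema, ErrorSchema and
# AdminPermission are names whose definitions/imports are not shown in the issue.


class UserPasswordSchema(Schema):
    password: str

    @login_required
    @model_validator(mode='after')
    @classmethod
    def check_password(cls, obj):
        check_user_password(password=obj.password)
        return obj


class UserResetPasswordSchema(UserPasswordSchema):
    pass
```

```python
    # Method of an API controller class (the class itself is not shown in the issue).
    @http_post(
        path="{user_id}/reset-password/",
        response={
            HTTPStatus.OK: SuccessSchema,
            HTTPStatus.INTERNAL_SERVER_ERROR: ErrorSchema,
            HTTPStatus.BAD_REQUEST: ErrorSchema,
        },
        permissions=[AdminPermission],
        summary="Reset User Password",
        description="Allows admins to reset a user's password using their user ID.",
        url_name="reset_user_password"
    )
    def reset_password(self, user_id: int, payload: UserResetPasswordSchema):
        pass
```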

Why are permissions checked after the schema validation?

eadwinCode commented 6 days ago

@Elixir-MeetThoriya I don't get your question

Elixir-MeetThoriya commented 4 days ago

When I try to hit the API, it can't check permissions first (here it checks schema validation first, and after that checks permissions) # not valid
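
The ordering raised in this thread, as a framework-independent added example (not code from the issue or from django-ninja-extra): it contrasts running a payload validator before the permission check with running it after, and records what an anonymous caller can observe in each case. `Request`, `validate_payload`, `is_admin`, both handlers and the 12-character rule are assumptions made for the illustration.

```python
from dataclasses import dataclass
from http import HTTPStatus
from typing import Optional


@dataclass
class Request:                      # hypothetical request object
    role: Optional[str]             # None means an anonymous caller
    body: dict


validator_calls = []                # every value the validator was run on


def validate_payload(body: dict) -> dict:
    """Stand-in for a schema validator that does real work on the input."""
    password = body.get("password")
    if not isinstance(password, str):
        raise ValueError("password: string required")
    validator_calls.append(password)            # work done before any authz
    if len(password) < 12:                      # constructed policy
        raise ValueError("password: too short")
    return {"password": password}


def is_admin(request: Request) -> bool:
    return request.role == "admin"


def handle_validate_first(request: Request):
    """Order reported in the issue: schema validation, then permissions."""
    try:
        validate_payload(request.body)
    except ValueError as exc:
        return HTTPStatus.BAD_REQUEST, str(exc)  # detail reaches any caller
    if not is_admin(request):
        return HTTPStatus.FORBIDDEN, "forbidden"
    return HTTPStatus.OK, "password reset"


def handle_permission_first(request: Request):
    """Order the reporter expects: permissions, then schema validation."""
    if not is_admin(request):
        return HTTPStatus.FORBIDDEN, "forbidden"  # body is never inspected
    try:
        validate_payload(request.body)
    except ValueError as exc:
        return HTTPStatus.BAD_REQUEST, str(exc)
    return HTTPStatus.OK, "password reset"
```

With validation first, a caller without the admin role receives 400 or 403 depending on the payload, so the response reveals the validator's verdict and the validator runs on untrusted input from anyone; with permissions first, the same caller always receives 403 and the validator is never invoked.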