Open Elixir-MeetThoriya opened 1 week ago
class UserPasswordSchema(Schema): password: str @login_required @model_validator(mode='after') @classmethod def check_password(cls, obj): check_user_password(password=obj.password) return obj class UserResetPasswordSchema(UserPasswordSchema): pass
@http_post( path="{user_id}/reset-password/", response={ HTTPStatus.OK: SuccessSchema, HTTPStatus.INTERNAL_SERVER_ERROR: ErrorSchema, HTTPStatus.BAD_REQUEST: ErrorSchema, }, permissions=[AdminPermission], summary="Reset User Password", description="Allows admins to reset a user's password using their user ID.", url_name="reset_user_password" ) def reset_password(self, user_id: int, payload: UserResetPasswordSchema): pass
why permissions check after the schema validation ??
@Elixir-MeetThoriya I don't get your question
when try to hit api, can't check permission first (here check schema validations first , after that check permissions ) # not valid
why permissions check after the schema validation ??