Prevent users who are not granted updated privileges through roles for a table from updating that table

hackforla / peopledepot

A project to setup a datastore for people and projects at HackforLA. The link below takes you to the code documentation

https://hackforla.github.io/peopledepot/

GNU General Public License v2.0

5 stars 24 forks source link

Prevent users who are not granted updated privileges through roles for a table from updating that table #264

Closed ethanstrominger closed 4 days ago

ethanstrominger commented 4 months ago

Overview

As a user I want only authorized users to update information so that the information is accurate.

Solution

Sample code for preventing unauthorized updates

if not request.user.has_perm('core.change_practice_area'):
    # If the user doesn't have permission, return forbidden response
   return HttpResponseForbidden("You don't have permission to update practice area.")

Similar code can be written for creating and deleting.

Action Items

[ ] Implement code
[ ] Write tests