We have basic authentication in the API but all the users have access to all the sites. We need to change it so that a user is assigned to a single client and has access to all the sites of that client.
Implementation
TODO
Other considerations
All the lines that look like
client = session.query(ClientSQL).first()
should be replaced by something like
client = get_client_for_user(auth)
Run git grep pv-site-api/issues/90 to find all (most?) of those.
Description
We have basic authentication in the API but all the users have access to all the sites. We need to change it so that a user is assigned to a single client and has access to all the sites of that client.
Implementation
TODO
Other considerations
All the lines that look like
should be replaced by something like
Run
git grep pv-site-api/issues/90
to find all (most?) of those.