|
|
2d7335ff85
|
refactor(access): Rename model Organization -> Tenant
ref: #756 #505
|
2025-05-15 02:44:53 +09:30 |
|
|
|
04ffe056ae
|
test(api): AuthToken ViewSet checks
ref: #650 #649
|
2025-02-26 00:06:06 +09:30 |
|
|
|
77226f75fc
|
refactor(access): Update access imports to neew path
ref: #640 #641
|
2025-02-19 20:34:28 +09:30 |
|
|
|
b419c03774
|
fix(access): When conduting permission check for user settings, if user not owner of settings, deny access
ref: #471 #511
|
2025-02-01 17:56:14 +09:30 |
|
|
|
b7cdb21136
|
fix(access): when checking object permissions, dont cast obj to int untill checking it exists
ref: #471 #511
|
2025-02-01 17:36:29 +09:30 |
|
|
|
b6593c6825
|
refactor(access): when checking obj permission use view cached obj organization
ref: #471 #511
|
2025-02-01 16:30:01 +09:30 |
|
|
|
f9393a59d2
|
chore(access): Remove extra calls to get_obj_permission from permission Mixin has_permission
ref: #471 #511
|
2025-02-01 16:27:26 +09:30 |
|
|
|
b8cac94f9a
|
fix(settings): grant the user access to their own settings object
ref: #485 #486
|
2025-01-24 15:17:07 +09:30 |
|
|
|
a1207bfb0f
|
fix(settings): grant the user access to their own settings
ref: #485 #486
|
2025-01-23 22:47:55 +09:30 |
|
|
|
9b40668a30
|
fix(access): use request object passed to has_object_permission
ref: #473 #474
|
2025-01-18 23:43:11 +09:30 |
|
|
|
e5d23cc1fa
|
refactor(access): Move user perm logic to request.tenancy object
ref: #473 #474
|
2025-01-18 17:57:17 +09:30 |
|
|
|
6bf40e469c
|
refactor: Move app_settings object to request object
ref: #473
|
2025-01-18 17:55:54 +09:30 |
|
|
|
7f16a06131
|
refactor(access): cache app settings during perm check
ref: #469 #471
|
2025-01-17 01:57:06 +09:30 |
|
|
|
dd72843ffb
|
feat(access): Enable Objects from global organization to be viewable by user with the permission
ref: #448 #459
|
2025-01-03 12:14:26 +09:30 |
|
|
|
08b113b1ba
|
feat(access): During permission checking also capture Http404
ref: #442 #456
|
2024-12-28 18:06:22 +09:30 |
|
|
|
a07dee370c
|
refactor(access): Use exceptions for permission flow as required
ref: #442 #456
|
2024-12-28 17:33:11 +09:30 |
|
|
|
fbaf8770df
|
feat(access): Super User to be granted permission
ref: #442 #456
|
2024-12-28 16:19:35 +09:30 |
|
|
|
1c87eeb188
|
feat(access): If the user lacks the permission during permission checks, return sooner
ref: #442 #456
|
2024-12-27 18:51:10 +09:30 |
|
|
|
17e437ce68
|
fix(access): Use request.method for determining the HTTP/Method for permission checks
ref: #442 #456
|
2024-12-27 18:50:09 +09:30 |
|
|
|
7c62643c6c
|
feat(access): Enforce view action and HTTP/Method match for permission checks
ref: #442 #456
|
2024-12-27 18:26:58 +09:30 |
|
|
|
10becacbf7
|
fix(access): Add HTTP/Method=DELETE as valid option for object delete/destroy.
ref: #442 #454
|
2024-12-26 15:31:02 +09:30 |
|
|
|
534186a7f9
|
fix(access): Ensure Object permission are checked when an object is having an action performed against it.
ref: #442 #454
|
2024-12-26 14:11:05 +09:30 |
|
|
|
4be1e97cbe
|
refactor(access): Object permission checking moved to has_object_permission function
ref: #442 #454
|
2024-12-26 00:49:40 +09:30 |
|
|
|
f2181b018d
|
refactor(access): move ability to get required permissions from permissions mixin to organization mixin
ref: #442 #454
|
2024-12-26 00:33:21 +09:30 |
|
|
|
96ff5bd839
|
refactor(access): Organization Permission Mixin now caters for API ONLY
ref: #442 #454
|
2024-12-25 20:57:45 +09:30 |
|
