|
|
2d7335ff85
|
refactor(access): Rename model Organization -> Tenant
ref: #756 #505
|
2025-05-15 02:44:53 +09:30 |
|
|
|
0f5b2b6630
|
fix(core): Use object organization for ticket linked items
ref: #434 #441
|
2024-12-22 21:04:24 +09:30 |
|
|
|
6c95105528
|
refactor(access): Adjust permission check logic to use try..catch instead of gettattr due to base method throwing exception
if method is not overridden, the base class throws an exception instead of returning None
ref: #434 #441
|
2024-12-22 19:02:21 +09:30 |
|
|
|
40e2da5d8f
|
fix(access): During permission checking also use get_serializer if avail
ref: #434 #441
|
2024-12-22 18:15:03 +09:30 |
|
|
|
116655cf2e
|
fix(access): default to empty when attempting to get view attribute
ref: #434 #441
|
2024-12-22 17:45:39 +09:30 |
|
|
|
9b528c2c0a
|
feat(access): Check if organization field is read-only during permission check
ref: #434 #441
|
2024-12-22 17:22:52 +09:30 |
|
|
|
47df49012d
|
feat(access): Ability to specify parent model for permission to do
ref: #434 #441
|
2024-12-22 17:21:13 +09:30 |
|
|
|
56112b7ce8
|
revert(api): during permission checking, if model is an organization and the user is a manager allow access to the organization.
ref: #425 #426
|
2024-12-20 12:17:57 +09:30 |
|
|
|
e282d9967c
|
feat(api): during permission checking, if model is an organization and the user is a manager allow access to the organization.
ref: #425 #426
|
2024-12-20 12:16:56 +09:30 |
|
|
|
2c934d4eaf
|
fix(api): Ensure METHOD_NOT_ALLOWED exception is thrown
ref: #15 #248 #368 #374
|
2024-11-28 02:22:21 +09:30 |
|
|
|
7e92760340
|
fix(api): on permission check error, return authorized=false
ref: #248 #352
|
2024-11-28 02:22:00 +09:30 |
|
|
|
1f9070c420
|
fix(api): correct logic for permission check to use either queryset or get_queryset
ref: #248 #345 #346
|
2024-11-28 02:20:27 +09:30 |
|
|
|
ad1b35dfc7
|
fix(api): during permission checking if request is HTTP/Options and user is authenticated, allow access
ref: #345 #346
|
2024-11-28 02:19:21 +09:30 |
|
|
|
cf8014a26b
|
fix(api): during permission checking dont attempt to access view obj if it doesn't exist
ref: #345 #346
|
2024-11-28 02:18:26 +09:30 |
|
|
|
61f34876ed
|
fix(core): Ensure user cant view tickets in orgs they are not part of
ref: #399
|
2024-11-28 01:40:24 +09:30 |
|
|
|
53489ec43b
|
feat(access): add ability to fetch dynamic permissions
ref: #250 #96 #93 #95 #90 #263
|
2024-09-03 17:00:22 +09:30 |
|
|
|
3a9e4b29b3
|
fix(api): confirm HTTP method is allowed before permission check
return HTTP/405 for logged in user ONLY!!
!44 #159
|
2024-07-29 17:02:52 +09:30 |
|
|
|
505f4cfdd9
|
fix(api): ensure proper permission checking
!24 fixes #55
|
2024-06-11 22:18:50 +09:30 |
|
|
|
7fe1260308
|
feat(access): throw error if no organization added
!17
|
2024-06-03 14:28:12 +09:30 |
|
|
|
f41282d08b
|
fix(api): check for org must by by type None
!16
|
2024-06-02 03:58:09 +09:30 |
|
|
|
c3f3c1247e
|
chore(api): implement workaround for listview
until logic written, all listview access=true
!16
|
2024-06-02 01:39:23 +09:30 |
|
|
|
33b1a6c91d
|
refactor(api): move permission check to mixin
!16
|
2024-06-02 01:03:05 +09:30 |
|
