|
|
2d7335ff85
|
refactor(access): Rename model Organization -> Tenant
ref: #756 #505
|
2025-05-15 02:44:53 +09:30 |
|
|
|
6d92c484cd
|
refactor(access): Update all references to User to use get_user_model()
ref: #754 #704 #755
|
2025-05-14 03:45:40 +09:30 |
|
|
|
626a5ccb11
|
refactor(access): when fetching parent object, use the parent_model get function
ref: #744
|
2025-05-09 20:06:45 +09:30 |
|
|
|
04ffe056ae
|
test(api): AuthToken ViewSet checks
ref: #650 #649
|
2025-02-26 00:06:06 +09:30 |
|
|
|
77226f75fc
|
refactor(access): Update access imports to neew path
ref: #640 #641
|
2025-02-19 20:34:28 +09:30 |
|
|
|
136f907cd5
|
docs(access): Add type to parent_model attribute within Organization Mixin
ref: #389 #525
|
2025-02-08 21:44:08 +09:30 |
|
|
|
b419c03774
|
fix(access): When conduting permission check for user settings, if user not owner of settings, deny access
ref: #471 #511
|
2025-02-01 17:56:14 +09:30 |
|
|
|
b7cdb21136
|
fix(access): when checking object permissions, dont cast obj to int untill checking it exists
ref: #471 #511
|
2025-02-01 17:36:29 +09:30 |
|
|
|
a4788aba75
|
fix(access): org mixin get_obj_org not to call get_object
ref: #471 #511
|
2025-02-01 16:58:39 +09:30 |
|
|
|
b6593c6825
|
refactor(access): when checking obj permission use view cached obj organization
ref: #471 #511
|
2025-02-01 16:30:01 +09:30 |
|
|
|
f9393a59d2
|
chore(access): Remove extra calls to get_obj_permission from permission Mixin has_permission
ref: #471 #511
|
2025-02-01 16:27:26 +09:30 |
|
|
|
22b02dc044
|
refactor(access): When fetching obj org, if pk exist attempt to fetch object
ref: #471 #511
|
2025-02-01 16:26:02 +09:30 |
|
|
|
b8cac94f9a
|
fix(settings): grant the user access to their own settings object
ref: #485 #486
|
2025-01-24 15:17:07 +09:30 |
|
|
|
a1207bfb0f
|
fix(settings): grant the user access to their own settings
ref: #485 #486
|
2025-01-23 22:47:55 +09:30 |
|
|
|
9b40668a30
|
fix(access): use request object passed to has_object_permission
ref: #473 #474
|
2025-01-18 23:43:11 +09:30 |
|
|
|
e5d23cc1fa
|
refactor(access): Move user perm logic to request.tenancy object
ref: #473 #474
|
2025-01-18 17:57:17 +09:30 |
|
|
|
6bf40e469c
|
refactor: Move app_settings object to request object
ref: #473
|
2025-01-18 17:55:54 +09:30 |
|
|
|
7f16a06131
|
refactor(access): cache app settings during perm check
ref: #469 #471
|
2025-01-17 01:57:06 +09:30 |
|
|
|
bd07c83cfc
|
refactor(access): prefetch team related fields
ref: #469 #471
|
2025-01-17 01:50:02 +09:30 |
|
|
|
dd72843ffb
|
feat(access): Enable Objects from global organization to be viewable by user with the permission
ref: #448 #459
|
2025-01-03 12:14:26 +09:30 |
|
|
|
a4a9f2c3a9
|
feat(access): Enable the calling of the dynamic permissions function to obtain permissions
creates recursive loop
ref: #437 #459
|
2025-01-02 17:01:01 +09:30 |
|
|
|
f7b444b8e4
|
fix(access): If no org specified during permission check, rtn false for permission
ref: #437 #459
|
2025-01-01 18:25:44 +09:30 |
|
|
|
4656617583
|
fix(access): Cached list objects must be a list including an empty one as required
ref: #442 #456
|
2024-12-28 18:31:53 +09:30 |
|
|
|
08b113b1ba
|
feat(access): During permission checking also capture Http404
ref: #442 #456
|
2024-12-28 18:06:22 +09:30 |
|
|
|
a07dee370c
|
refactor(access): Use exceptions for permission flow as required
ref: #442 #456
|
2024-12-28 17:33:11 +09:30 |
|
|
|
fbaf8770df
|
feat(access): Super User to be granted permission
ref: #442 #456
|
2024-12-28 16:19:35 +09:30 |
|
|
|
e96916768e
|
feat(access): Cache the permission required during permission checking
ref: #442 #456
|
2024-12-28 15:47:12 +09:30 |
|
|
|
62fcb5aa01
|
test(api): Adjust test case for metadata visibility
view user only
ref: #442 #456
|
2024-12-27 22:28:12 +09:30 |
|
|
|
1c87eeb188
|
feat(access): If the user lacks the permission during permission checks, return sooner
ref: #442 #456
|
2024-12-27 18:51:10 +09:30 |
|
|
|
17e437ce68
|
fix(access): Use request.method for determining the HTTP/Method for permission checks
ref: #442 #456
|
2024-12-27 18:50:09 +09:30 |
|
|
|
7c62643c6c
|
feat(access): Enforce view action and HTTP/Method match for permission checks
ref: #442 #456
|
2024-12-27 18:26:58 +09:30 |
|
|
|
10becacbf7
|
fix(access): Add HTTP/Method=DELETE as valid option for object delete/destroy.
ref: #442 #454
|
2024-12-26 15:31:02 +09:30 |
|
|
|
534186a7f9
|
fix(access): Ensure Object permission are checked when an object is having an action performed against it.
ref: #442 #454
|
2024-12-26 14:11:05 +09:30 |
|
|
|
4be1e97cbe
|
refactor(access): Object permission checking moved to has_object_permission function
ref: #442 #454
|
2024-12-26 00:49:40 +09:30 |
|
|
|
f2181b018d
|
refactor(access): move ability to get required permissions from permissions mixin to organization mixin
ref: #442 #454
|
2024-12-26 00:33:21 +09:30 |
|
|
|
96ff5bd839
|
refactor(access): Organization Permission Mixin now caters for API ONLY
ref: #442 #454
|
2024-12-25 20:57:45 +09:30 |
|
|
|
d61929adaa
|
refactor(access): Organization Mixin now caters for API ONLY
ref: #442 #454
|
2024-12-25 20:57:31 +09:30 |
|
