Skip to content
This repository was archived by the owner on Sep 27, 2022. It is now read-only.
This repository was archived by the owner on Sep 27, 2022. It is now read-only.

Object level permissions not implemented #21

Open
Open
Object level permissions not implemented#21
@cliffordh

Description

@cliffordh
cliffordh
opened on Dec 12, 2018

Reviewing the code I do not see object level permissions implemented. Thus, it is possible for an authenticated user to update/delete objects in another users account. See https://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#object-level-permissions for information on implementing object level permissions using rest framework.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions