Skip to content

Permissions should not be checked in serializers #343

New issue
New issue
Open
Open
Permissions should not be checked in serializers#343
Labels
backendenhancementimprove an existing featurehelp wantedExtra attention is neededpythonPull requests that update Python code
@sampaccoud

Description

@sampaccoud
sampaccoud
opened on Oct 16, 2024

Bug Report

Problematic behavior
As discussed in PR #329, some permissions are checked in serializers which may not be a best practise.

Expected behavior/code
Permissions should be checked in permissions.
Don't break the beauty of abilities based permission. This is very useful in the frontend because the frontend knows beforehand what the user can do. The fact that permissions are computed on the same object ensures security and predictability of permissions. It also ensures a very clean code so let's not compromise this with the refactoring discussed here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    backendenhancementimprove an existing featurehelp wantedExtra attention is neededpythonPull requests that update Python code

    Type

    No type

    Projects

    La Suite Docs

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions