Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

React Form editor allows editing when user does not have write access #1000

Closed
6 tasks done
stevenbal opened this issue Nov 26, 2021 · 0 comments · Fixed by #1137
Closed
6 tasks done

React Form editor allows editing when user does not have write access #1000

stevenbal opened this issue Nov 26, 2021 · 0 comments · Fixed by #1137
Assignees
@Bartvaderkin
Labels
topic: admin
Milestone
Sprint #11

Comments

@stevenbal
Copy link
Contributor

stevenbal commented Nov 26, 2021
edited by Bartvaderkin
Loading

If React is enabled for the Form editor page via the General configuration, the Form admin page (/admin/forms/form/<form_id>) is editable for any user that is staff (even if these users do not have write permission)

Tested locally with a user that is staff and only has read permissions
image

Tasks

  • Add permission class(es) to API endpoints (form app related)
  • Write access (put/patch/post/delete) is ONLY given to staff users that have forms.change_form permission
  • Read access (get) to everything give to staff users that have form.change_form permission
  • Read access (get) to forms.form_LIST given to non-staff users that have forms.view_form permission
  • Read access (get) to forms.form_DETAIL given to anonymous users
  • Leave other app permissions as they are
@joeribekker joeribekker added this to the Sprint #11 milestone Dec 13, 2021
Bartvaderkin added a commit that referenced this issue Dec 30, 2021
@Bartvaderkin
[#1000] Implemented and applied custom permission for FormAPI viewsets
ab2b34e
@Bartvaderkin Bartvaderkin mentioned this issue Dec 30, 2021
Merged
Bartvaderkin added a commit that referenced this issue Dec 30, 2021
@Bartvaderkin
[#1000] Implemented and applied custom permission for FormAPI viewsets
10e64b3
@Bartvaderkin Bartvaderkin mentioned this issue Dec 30, 2021
Open
8 tasks
Bartvaderkin added a commit that referenced this issue Dec 30, 2021
@Bartvaderkin
[#1000] Added a first attempt at test matrix for the FormAPIPermissions
90dddbf
sergei-maertens added a commit that referenced this issue Jan 3, 2022
@sergei-maertens
Merge pull request #1137 from open-formulieren/feature/1000-form-api-…
e07e337 
…permissions

[#1000] Implemented and applied custom permission for FormAPI viewsets
Bartvaderkin added a commit that referenced this issue Jan 21, 2022
@Bartvaderkin
[#1000] Added a first attempt at test matrix for the FormAPIPermissions
4599780
Bartvaderkin added a commit that referenced this issue Jan 21, 2022
@Bartvaderkin
[#1000] Refactored permission tests into APIPermissionTestMixin shara…
8b30dfa 
…ble base
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bartvaderkin Bartvaderkin

Labels
topic: admin
Projects
None yet
Milestone
Sprint #11
Development

Successfully merging a pull request may close this issue.

[#1000] Implemented and applied custom permission for FormAPI viewsets open-formulieren/open-forms
3 participants
@joeribekker @stevenbal @Bartvaderkin