Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • fix/media_id_source protected
  • rename-playlist-playlistentry
  • feat/site-data protected
  • kmohrf/program-calendar-populate-filter
  • feat/249-episodes protected
  • add-playlists
  • fix-push-latest-with-tag protected
  • ci-trigger-aura-tests
  • kmohrf/virtual-timeslot-fixes
  • kmohrf/fix-configuration-error-api-responses
  • kmohrf/id-filters
  • refactor-playout-endpoint-210
  • fix-aura-sysuser protected
  • feature/extended-database-env-configuration protected
  • 1.0.0-alpha6 protected
  • 1.0.0-alpha5 protected
  • 1.0.0-alpha4 protected
  • 1.0.0-alpha3 protected
  • 1.0.0-alpha2 protected
  • 1.0.0-alpha1 protected
21 results
Blame Permalink
  • Konrad Mohrfeldt's avatar
    0106797d
    fix: remove superfluous retrieve/update actions for APIUserViewSet · 0106797d
    Konrad Mohrfeldt authored 
    The retrieve and update actions can be removed because the get_queryset
method already ensures that the user has only access to their own user
object (or all user objects in case of superusers).

Sending 401 responses for unauthorized requests may also be considered
leaky, because it exposes that these objects exist instead of returning
a 404 that simply states that no object with that primary key can be
found.
    0106797d
    History
    fix: remove superfluous retrieve/update actions for APIUserViewSet
    Konrad Mohrfeldt authored 
    The retrieve and update actions can be removed because the get_queryset
method already ensures that the user has only access to their own user
object (or all user objects in case of superusers).

Sending 401 responses for unauthorized requests may also be considered
leaky, because it exposes that these objects exist instead of returning
a 404 that simply states that no object with that primary key can be
found.