Skip to content
Snippets Groups Projects
Commit 0106797d authored by Konrad Mohrfeldt's avatar Konrad Mohrfeldt :koala:
Browse files

fix: remove superfluous retrieve/update actions for APIUserViewSet 

The retrieve and update actions can be removed because the get_queryset
method already ensures that the user has only access to their own user
object (or all user objects in case of superusers).

Sending 401 responses for unauthorized requests may also be considered
leaky, because it exposes that these objects exist instead of returning
a 404 that simply states that no object with that primary key can be
found.
parent 1b0a0ad5
No related branches found
No related tags found
1 merge request!21Add API documentation
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 38 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment