Implement delete security #371
Labels
complexity: medium
dependency
Issue has dependencies
draft
This issue is not fully-written
p-feature: API private endpoint
p-feature: API public endpoint
question
Further information is requested
ready for dev lead
role: back end
s: CTJ
stakeholder: Civic Tech Jobs
s: hackforla.org
stakeholder: hackforla.org website
s: kb
stakeholder: knowledgebase
s: PD team
stakeholder: People Depot Team
s: VRMS
stakeholder: VRMS
size: 1pt
Can be done in 4-6 hours
Milestone
Comments
fyliu
added
complexity: medium
p-feature: API public endpoint
p-feature: API private endpoint
question
|
@bonniewolfe How do we want to implement this?
I'm leaning towards the last option as it's closest to what we eventually want to do. Note that we can have a custom modelview class to disable this for every model for now, and then switch to the standard ModelViewSet and implement "delete" actions separately for each model. # declare all model viewsets to use a temporary custom viewset which disables delete
class UserViewSet(NoDeleteModelViewSet):
...
# switch to the standard ModelViewSet and add a custom delete method in each model viewset
class UserViewSet(rest_framework.viewsets.ModelViewSet):
...
def delete(self, request, *args, **kwargs):
... |
shmonks
changed the title
shmonks
changed the title
|
Fang's question at the top no longer applies |
|
This issue needs rewriting due to change in scope. |
ethanstrominger
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dependency
Overview
We need to disable the DELETE method for all models. This was decided by @bonniewolfe in the 2024/08/15 meeting. The idea is that we do not actually delete data in most cases, but we'll work out the actual "delete" implementation later. For now, we just disable the endpoints
Action Items
Resources/Instructions
The text was updated successfully, but these errors were encountered: