[Fixes #11995 Implement POST and PATCH methods for the User API #12011
GitGuardian id | GitGuardian status | Secret | Commit | Filename
---|---|---|---|---
9702486 | Triggered | Generic Password | 4bad53a | geonode/people/tests.py
9702486 | Triggered | Generic Password | ee071e2 | geonode/people/tests.py
9702486 | Triggered | Generic Password | 26c940f | geonode/people/tests.py
9702487 | Triggered | Username Password | 4bad53a | geonode/people/tests.py
9702487 | Triggered | Username Password | 26c940f | geonode/people/tests.py
9705160 | Triggered | Username Password | c0c4dfb | geonode/base/api/tests.py
9768717 | Triggered | Username Password | ee071e2 | geonode/people/tests.py
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future, consider:
- following these best practices for managing and storing secrets, including API keys and other credentials
- installing secret detection on pre-commit to catch secrets before they leave your machine and ease remediation.
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## ISSUE_11995 #12011 +/- ##
===============================================
+ Coverage 63.67% 63.81% +0.13%
===============================================
Files 867 867
Lines 52664 52843 +179
Branches 6600 6609 +9
===============================================
+ Hits 33535 33720 +185
+ Misses 17610 17598 -12
- Partials 1519 1525 +6
…te tests return 405
@@ -139,6 +140,11 @@ def has_object_permission(self, request, view, obj): | |||
elif hasattr(obj, "user"): | |||
_request_matches = obj.user == request.user | |||
|
|||
if isinstance(obj, get_user_model()) and not request.user.is_anonymous: | |||
if request.method in permissions.SAFE_METHODS and obj in get_available_users(request.user): |
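Review bot: The new `isinstance(obj, get_user_model())` branch in `has_object_permission` only shows the read path (`request.method in permissions.SAFE_METHODS and obj in get_available_users(request.user)`), so it should be explicit what PATCH and DELETE against another user's record resolve to. Make sure the unsafe-method case falls back to the existing owner-or-admin result rather than inheriting the same-group visibility, and cover it with a test in which a same-group, non-owner, non-admin user sends PATCH and DELETE. If `get_available_users` returns a queryset, `obj in ...` runs a membership test against it for every object checked; an existence check filtered on `obj.pk` would be cheaper. A one-line comment stating that same-group visibility is read-only would also help the next reader of this method.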
This is a good way to re-use the already existing IsOwnerOrAdmin.
We decided to use this class because the check on the User object was already present. We just update the check to be sure that the users that belong to the same group can see each other.
…actored validation in serializer
…2072)

* [Fixes #11995 Implement POST and PATCH methods for the User API (#12011)
* [Fixes #11995] Implement POST and PATCH methods for the User API
* Upgrade Remote Docker for CircleCI
* [Fixes #11995] Implement POST and PATCH methods for the User API, refactored validation in serializer

---------

Co-authored-by: RegisSinjari <omilale2@gmail.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>

* [Fixes #11995] Implement the DELETE method for the User API (#12028)
* [Fixes #11995] Implement the DELETE method for the User API
* [Fixes #11995] Implement the DELETE method for the User API refactor and docstrings added
* [Fixes #11995] Implement endpoint to transfer resources (#12067)
* [Fixes #11995] Implement endpoint to transfer ownership
* [Issue 11995] Implement endpoint to unregister as a project manager (#12066)
* [FIXES #11995] Implement endpoint to unregister as a project manager
* [FIXES #11995] Implement endpoint to unregister as a project managergroup.group_id
* [FIXES #11995] Implement endpoint to unregister as a project manager,tests added
* [Fixes #11995] black reformatting
* [Fixes #11995] GNIP 99: Implement a CRUD REST API for users
* [Fixes #11995] GNIP 99: Implement a CRUD REST API for users
* Update views.py

---------

Co-authored-by: RegisSinjari <omilale2@gmail.com>
Co-authored-by: Giovanni Allegri <giohappy@gmail.com>