Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat[bckend-RBPS]:Added Role based permission system for object level access. #114

Closed
wants to merge 1 commit into from
Closed

feat[bckend-RBPS]:Added Role based permission system for object level access. #114

wants to merge 1 commit into from

Conversation

shikharpa
Copy link
Collaborator

@shikharpa shikharpa commented Apr 23, 2024
edited
Loading

Implemented a Role-based Permission System (RBPS) to manage object-level access control in the backend. This feature allows for fine-grained control over permissions, enabling administrators to assign roles with specific access rights to users.

  • Created a custom permission system that associates roles with specific permissions for objects.
  • Implemented logic to check permissions based on roles assigned to users.
  • Ensured that only users with appropriate roles can access or modify objects based on their assigned permissions.
  • Tested the RBPS thoroughly to ensure that it works as expected and does not introduce any regressions.

Summary

  • Tested (Must)
  • Test Case added
  • Build Successful (Must)
  • Sufficient Code comments added (Must)
  • Attached Screenshots / Videos
  • All Relevant Documents added

Depends on

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 23, 2024
View reviewed changes
services/api/permission/views.py
role.add_custom_permission(custom_permissions_data)
return Response(serializer.data, status=status.HTTP_201_CREATED)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
instance.add_custom_permission(custom_permissions_data)
return Response(serializer.data)
except ValueError as e:
return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
services/api/permission/views.py
except Role.DoesNotExist:
return Response({'error': 'Role not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
@shikharpa shikharpa closed this Apr 29, 2024
@shikharpa shikharpa deleted the feat/custom-permissions branch April 29, 2024 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yogai53 yogai53 Awaiting requested review from yogai53 yogai53 is a code owner

@yaju09 yaju09 Awaiting requested review from yaju09 yaju09 is a code owner

@elizabeththomas92 elizabeththomas92 Awaiting requested review from elizabeththomas92 elizabeththomas92 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@shikharpa