Skip to content

eligible-users api - restrict to global admins and project admins #433

New issue
New issue
Open
Open
eligible-users api - restrict to global admins and project admins#433
Labels
complexity: mediumStraightforward but some complexity (e.g., involves multiple files)dependencyIssue has dependenciesethanfeature: securitymilestone: missingrole: devs: PD teamstakeholder: People Depot Teamsize: 3ptCan be done in 13-18 hours
@ethanstrominger

Description

@ethanstrominger
ethanstrominger
opened on Nov 10, 2024

Dependency

Overview

Ensure only valid users can use the API

API specification

/eligibile-users/

Action Items

  • permissions.py (& views.py): UserEligiblePermission
    • Validate project id.
    • views.py: Add as a permission to UserEligibleView
    • Check if user is a global admin or project admin. If not, return error.
    • If not a global admin, check that project admin is assigned to the specified project. If not, return errror.

Metadata

Metadata

Assignees

No one assigned

    Labels

    complexity: mediumStraightforward but some complexity (e.g., involves multiple files)dependencyIssue has dependenciesethanfeature: securitymilestone: missingrole: devs: PD teamstakeholder: People Depot Teamsize: 3ptCan be done in 13-18 hours

    Type

    No type

    Projects

    P: PD: Project Board

    Status

    🧊Ice Box

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions