-
-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: @querystring shouldn't list userids #1824
base: main
Are you sure you want to change the base?
Conversation
@askadityapandey thanks for creating this Pull Request and helping to improve Plone! TL;DR: Finish pushing changes, pass all other checks, then paste a comment:
To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically. Happy hacking! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this. I'd like a few things to be different in the implementation:
- We should not have 2 different endpoints. We should still have one endpoint,
@querystring
, but it should fiilter its output based on the current user's permissions. - Instead of a hardcoded list of sensitive vocabs, we should check for the user's permission to use the vocab in the same way that the
@vocabularies
endpoint already does:def _has_permission_to_access_vocabulary(self, vocabulary_name): - There should be at least one test for this filtering, and the existing tests need to pass (or be updated to match a change in behavior, if necessary).
- There should be a note about the permission-based filtering in the docs for this endpoint.
Co-authored-by: David Glick <[email protected]>
@askadityapandey I would like to merge this, but I am waiting for you to remove the changes in configure.zcml. They are wrong and are the reason the tests are not passing. |
@askadityapandey Please look at the automated checks that failed:
|
This Pull Request fixes #1777 , lemme know if I need to make changes!
📚 Documentation preview 📚: https://plonerestapi--1824.org.readthedocs.build/