Snippets Groups Projects

Students and Tutors can access /tutor/ endpoint

Summary

Students and Tutors can access the /tutor/ endpoint

Steps to reproduce

Create fresh database, populate with core.tests.data_factories.make_minimal_exam(). Then login as student 'user01':'p' or tutor 'tutor01':'p' (username:password). Log in and got to localhost:8000/api/tutor Also run the tests in core.tests.test_access_rights

What is the current bug behavior?

Tutors and students have access to /api/tutor

What is the expected correct behavior?

They should not!

Possible fixes

The permission class for this View is 'IsReviewer' and the code for this looks good. I don't know what causes this behavior.

Designs

Child items ...

Activity

robinwilliam.hundt @robinwilliam.hundt · 7 years ago

Author Maintainer

@j.michal 7cc854f0 made the tests pass and the code looks good. Have you verified if the access to those pages is denied in the browsable api?
Jan Maximilian Michal @j.michal · 7 years ago

Owner

Jap, I did for student and reviewer not for the tutor though.

Generally I'd like the tutor to have access to the tutor view except for the destroy and create methods. Have to figure that out still.
Jan Maximilian Michal @j.michal · 7 years ago

Owner

Works as expected.
Jan Maximilian Michal closed 7 years ago

closed
Jan Maximilian Michal reopened 7 years ago

reopened
Jan Maximilian Michal closed via commit 0bcdeaba 7 years ago

closed via commit 0bcdeaba

Please register or sign in to reply