Skip to content

Commit 0195675

Browse files
MaffoochMaffooch
committed
Update note permissions in Engagement, Finding, and Test viewsets
1 parent 6e4477a commit 0195675

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

dojo/api_v2/views.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -504,7 +504,7 @@ def generate_report(self, request, pk=None):
504504
request=serializers.AddNewNoteOptionSerializer,
505505
responses={status.HTTP_201_CREATED: serializers.NoteSerializer},
506506
)
507-
@action(detail=True, methods=["get", "post"], permission_classes=[IsAuthenticated, permissions.UserHasEngagementRelatedObjectPermission])
507+
@action(detail=True, methods=["get", "post"], permission_classes=[IsAuthenticated, permissions.UserHasEngagementNotePermission])
508508
def notes(self, request, pk=None):
509509
engagement = self.get_object()
510510
if request.method == "POST":
@@ -1096,7 +1096,7 @@ def request_response(self, request, pk=None):
10961096
request=serializers.AddNewNoteOptionSerializer,
10971097
responses={status.HTTP_201_CREATED: serializers.NoteSerializer},
10981098
)
1099-
@action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission))
1099+
@action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingNotePermission))
11001100
def notes(self, request, pk=None):
11011101
finding = self.get_object()
11021102
if request.method == "POST":
@@ -1226,7 +1226,7 @@ def download_file(self, request, file_id, pk=None):
12261226
request=serializers.FindingNoteSerializer,
12271227
responses={status.HTTP_204_NO_CONTENT: ""},
12281228
)
1229-
@action(detail=True, methods=["patch"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission))
1229+
@action(detail=True, methods=["patch"], permission_classes=(IsAuthenticated, permissions.UserHasFindingNotePermission))
12301230
def remove_note(self, request, pk=None):
12311231
"""Remove Note From Finding Note"""
12321232
finding = self.get_object()
@@ -2160,7 +2160,7 @@ def generate_report(self, request, pk=None):
21602160
request=serializers.AddNewNoteOptionSerializer,
21612161
responses={status.HTTP_201_CREATED: serializers.NoteSerializer},
21622162
)
2163-
@action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasTestRelatedObjectPermission))
2163+
@action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasTestNotePermission))
21642164
def notes(self, request, pk=None):
21652165
test = self.get_object()
21662166
if request.method == "POST":

0 commit comments

Comments
 (0)