stock-manager issueshttps://gitlab.insa-rouen.fr/delestre/pao-stock-manager/-/issues2018-11-29T02:20:55Zhttps://gitlab.insa-rouen.fr/delestre/pao-stock-manager/-/issues/1Permissions on views2018-11-29T02:20:55ZDouchin NicolasPermissions on viewsRight now, permissions are handled using Django permissions. But there permissions are only applied to templates and not to views (Django controllers). A user can bypass the current security if he knows the endpoint.
The improvement wou...Right now, permissions are handled using Django permissions. But there permissions are only applied to templates and not to views (Django controllers). A user can bypass the current security if he knows the endpoint.
The improvement would be to handle permissions also for views. If a user does an action he shouldn't be able to (delete a cuttable supply), then the request should return an error.