fix: @querystring shouldn't list userids #1824
Conversation
|
@askadityapandey thanks for creating this Pull Request and helping to improve Plone! TL;DR: Finish pushing changes, pass all other checks, then paste a comment: To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically. Happy hacking! |
There was a problem hiding this comment.
Thanks for working on this. I'd like a few things to be different in the implementation:
- We should not have 2 different endpoints. We should still have one endpoint,
@querystring, but it should fiilter its output based on the current user's permissions. - Instead of a hardcoded list of sensitive vocabs, we should check for the user's permission to use the vocab in the same way that the
@vocabulariesendpoint already does: - There should be at least one test for this filtering, and the existing tests need to pass (or be updated to match a change in behavior, if necessary).
- There should be a note about the permission-based filtering in the docs for this endpoint.
Co-authored-by: David Glick <[email protected]>
|
@askadityapandey I would like to merge this, but I am waiting for you to remove the changes in configure.zcml. They are wrong and are the reason the tests are not passing. |
|
@askadityapandey Please look at the automated checks that failed:
|
This Pull Request fixes #1777 , lemme know if I need to make changes!
📚 Documentation preview 📚: https://plonerestapi--1824.org.readthedocs.build/