django-ninja-extra icon indicating copy to clipboard operation
django-ninja-extra copied to clipboard
Published 5 months ago verified publisher icon eadwinCode

Check Schema Validation first before check permissions.

Open Elixir-MeetThoriya opened this issue 1 year ago • 5 comments 

class UserPasswordSchema(Schema):
    password: str

    @login_required
    @model_validator(mode='after')
    @classmethod
    def check_password(cls, obj):
        check_user_password(password=obj.password)
        return obj

class UserResetPasswordSchema(UserPasswordSchema):
    pass

@http_post(
        path="{user_id}/reset-password/",
        response={
            HTTPStatus.OK: SuccessSchema,
            HTTPStatus.INTERNAL_SERVER_ERROR: ErrorSchema,
            HTTPStatus.BAD_REQUEST: ErrorSchema,
        },
        permissions=[AdminPermission],
        summary="Reset User Password",
        description="Allows admins to reset a user's password using their user ID.",
        url_name="reset_user_password"
    )
    def reset_password(self, user_id: int, payload: UserResetPasswordSchema):
           pass

why permissions check after the schema validation ??

Elixir-MeetThoriya avatar Oct 16 '24 07:10 Elixir-MeetThoriya

@Elixir-MeetThoriya I don't get your question

eadwinCode avatar Oct 18 '24 10:10 eadwinCode

when try to hit api, can't check permission first (here check schema validations first , after that check permissions ) # not valid

Elixir-MeetThoriya avatar Oct 21 '24 06:10 Elixir-MeetThoriya

Oh okay. This is a challenge currently. I will try and dedicate some time to fix this

eadwinCode avatar Oct 29 '24 21:10 eadwinCode

@Elixir-MeetThoriya can you check with the latest release if the issue is resolved

eadwinCode avatar Nov 21 '24 05:11 eadwinCode

sure, Thanks @eadwinCode

Elixir-MeetThoriya avatar Dec 16 '24 07:12 Elixir-MeetThoriya