These are chat archives for fossasia/open-event-server

7th
Jul 2017
Piyush Agrawal
@poush
Jul 07 2017 07:27
@enigmaeth not sure yet but I think we cannot allow POST on speakers on any endpoint other than events/<int:event_id>/speakers because we need to associate a speaker with an event. We can get logged in user_id or user details in data schema at the time of creation of speakers in this vents/<int:event_id>/speakers endpoint. But I don’t we will get event_id from any other endpoint.
Also for Access Forbidden, make sure the user_id in Body and url is same Other than that I don’t see any way to get forbidden error (unless the auth is not provided or invalid )
Mario Behling
@mariobehling
Jul 07 2017 13:32
@SaptakS @shubham-padia @magdalenesuo @enigmaeth Please post all accepted blog posts now to get rid of our backlog.
Afroz Ahamad
@enigmaeth
Jul 07 2017 16:01
@mariobehling Added all blog posts already :smile: Writing new ones!

@enigmaeth not sure yet but I think we cannot allow POST on speakers on any endpoint other than events/<int:event_id>/speakers because we need to associate a speaker with an event. We can get logged in user_id or user details in data schema at the time of creation of speakers in this vents/<int:event_id>/speakers endpoint. But I don’t we will get event_id from any other endpoint.

@poush Yeah, that's what I have implemented in fossasia/open-event-orga-server#3978 . Using current_identity.id as user_id while creating a speaker related to an event

Afroz Ahamad
@enigmaeth
Jul 07 2017 16:42
@poush @SaptakS Could you please check once for the failing users/<int:id> endpoints? The permission manager gives PATCH and DELETE to is_user_itself but still these two requests are failing.