On Fri, Nov 19, 2021 at 6:16 AM Stevan Radaković stevan.radakovic@linaro.org wrote:
Hi Milosz,
The actions mentioned in the patch were not going through our own authorization mechanism, so they had to be limited in a hacky fashion. I can't recall the exact issue, but looking at this, it's not straightforward to implement. Simply removing this would allow everyone to do such requests.
The proper way to implement this would probably be to override devicetype, device and testjob models' save(), update() and delete() methods to introduce the auth permission checks there, then remove this part of the code that I've introduced.
OK, got it. I'll try to find some time to fix it. Running everything as superuser isn't great.
milosz