-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
And/add detail view to result notification #200
And/add detail view to result notification #200
Conversation
5cfa74a
to
aebfe51
Compare
Http404: If no objects match the given candidate and course. | ||
""" | ||
objects = self.get_queryset().filter( | ||
candidate=self.request.user, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was testing this, and I would check the reason of the candidate using only the request.user
. I mean this API is by Bearer so the the user would be the same as the third-party- application. So this would only allow to view courses of the application user.
Eg. my application or credentials of the Api are attached to cms user.
So after I create a resultNotification related cms_user I could get data of
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was testing this, and I would check the reason of the candidate using only the
request.user
. I mean this API is by Bearer so the the user would be the same as the third-party- application. So this would only allow to view courses of the application user. Eg. my application or credentials of the Api are attached to cms user. So after I create a resultNotification related cms_user I could get data of
you are right, that is the purpose of these changes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But why is this useful? only to check the pearsonbearer application user?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the bearer application user, the jwt application user and finally any user with a jwt token(which is not associated to a Django toolkit application )
Description
This add a new endpoint that allow to get the detail event
Testing instructions
eox-nelp/api/pearson_vue/v1/resultNotification/<course_id>
Result
Include anything else that will help reviewers and consumers understand the change.
Checklist for Merge