mirror of https://github.com/inventree/InvenTree.git synced 2026-05-29 20:39:20 +00:00

feat(frontend): improve comms around danger of staff users (#11659)

* docs: add more details around staff / superuser roles and their dangers

* make clear that staff users are dangerous

* make distinction clearer in API

* add error code and frontend warning about running with staff / admin user

* fix test

* bump api

* adapt banner warning

* make banner locally disableable

* add global option to disable elevated user alert
Matthias Mair
2026-04-05 14:51:46 +02:00
committed by GitHub
parent d358001827
commit e91f306245
13 changed files with 65 additions and 32 deletions
@@ -1,11 +1,14 @@
"""InvenTree API version information."""
# InvenTree API version
INVENTREE_API_VERSION = 469
INVENTREE_API_VERSION = 470
"""Increment this API version number whenever there is a significant change to the API that any clients need to know about."""
INVENTREE_API_TEXT = """
v470 -> 2026-04-01 : https://github.com/inventree/InvenTree/pull/11659
- Renames "is_staff" field to "is_admin" and updates help texts accordingly to highlight current security boundaries
v469 -> 2026-03-31 : https://github.com/inventree/InvenTree/pull/11641
- Adds parameter support to the SalesOrderShipment model and API endpoints
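Review bot: The v470 entry in INVENTREE_API_TEXT says the change renames the "is_staff" field to "is_admin", which a client author will read as a key rename to adapt to, yet the serializer and test hunks shown in this commit still use the key is_staff and only change its label and help text. If the key is unchanged, reword the entry to say the is_staff field is relabelled "Administrator" and its help text updated, so nobody goes looking for an is_admin key; if a rename is intended, the serializer declaration needs to change with it.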
+2 -2
@@ -306,8 +306,8 @@ class ExtendedUserSerializer(UserSerializer):
)
is_staff = serializers.BooleanField(
label=_('Staff'),
help_text=_('Does this user have staff permissions'),
label=_('Administrator'),
help_text=_('Does this user have administrative permissions'),
required=False,
)
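Review bot: The new label 'Administrator' sits on a field still declared as is_staff, so the UI and the API payload now use different words for the same flag, and the help text 'Does this user have administrative permissions' does not say which permissions those are. Since the changelog entry states the aim is to highlight current security boundaries, make the help text name what the flag actually grants, and add a short comment above the declaration noting that the key is kept as is_staff (Django's own flag name) on purpose.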
+3 -2
@@ -37,9 +37,10 @@ class UserAPITests(InvenTreeAPITestCase):
fields['is_active']['help_text'], 'Is this user account active'
)
self.assertEqual(fields['is_staff']['label'], 'Staff')
self.assertEqual(fields['is_staff']['label'], 'Administrator')
self.assertEqual(
fields['is_staff']['help_text'], 'Does this user have staff permissions'
fields['is_staff']['help_text'],
'Does this user have administrative permissions',
)
def test_api_url(self):
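Review bot: The assertions on fields['is_staff']['label'] and fields['is_staff']['help_text'] compare against exact display strings, so every wording change to the serializer forces a matching edit here, and they say nothing about the behaviour behind the flag. Consider asserting only that the is_staff key is present with the expected type, and add an explicit check that no is_admin key is exposed (or that one is, if the rename in the changelog is intended), so the test documents the API contract rather than the copy.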