amorfo77/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2026-04-16 04:58:53 +00:00
Code Issues Projects Releases Wiki Activity

fix(tasks): add read_only_fields to TaskSerializerV9, enforce admin via permission_classes on run action

Browse Source
This commit is contained in:
stumpylog
2026-04-15 13:59:01 -07:00
parent 39c7a04dd2
commit 1ae146a38b
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/documents/serialisers.py
View File

@@ -2523,6 +2523,7 @@ class TaskSerializerV9(serializers.ModelSerializer):
"duplicate_documents",
"owner",
)
read_only_fields = fields
def get_task_file_name(self, obj: PaperlessTask) -> str | None:
if not obj.input_data:

8
src/documents/views.py
View File

@@ -93,6 +93,7 @@ from rest_framework.mixins import DestroyModelMixin
from rest_framework.mixins import ListModelMixin
from rest_framework.mixins import RetrieveModelMixin
from rest_framework.mixins import UpdateModelMixin
from rest_framework.permissions import IsAdminUser
from rest_framework.permissions import IsAuthenticated
from rest_framework.request import Request
from rest_framework.response import Response
@@ -3901,16 +3902,13 @@ class TasksViewSet(ReadOnlyModelViewSet[PaperlessTask]):
serializer = self.get_serializer(queryset, many=True)
return Response(serializer.data)
@action(methods=["post"], detail=False)
@action(methods=["post"], detail=False, permission_classes=[IsAdminUser])
def run(self, request):
"""Manually dispatch a background task. Superuser only."""
"""Manually dispatch a background task. Superuser (admin) only."""
serializer = RunTaskSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
task_type = serializer.validated_data.get("task_type")
if not request.user.is_superuser:
return HttpResponseForbidden("Insufficient permissions")
task_func_map = {
PaperlessTask.TaskType.INDEX_OPTIMIZE: (index_optimize, {}),
PaperlessTask.TaskType.TRAIN_CLASSIFIER: (train_classifier, {}),