Description
TASK: Restrict reports/e2e-delete-all-reports/ to when E2E_TEST is True, return 404
We've restricted it to certain IDs, but should we add another layer of protection so that hitting that endpoint only works if E2E_TEST is true? If the rules for delete_all_reports changed, it could end up actually deleting all reports.
Note: I think we share a function with a management command that’s used in the lower environments, but the API call should not work in any environment.
See e2e_delete_all_contacts as an example of us not allowing it and returning a 404. It might be more ideal to not include the endpoint in the routing if possible. DRF likely supports dynamic routes based on conditions. If there is a way to take that approach, update the e2e_delete_all_contacts to follow that pattern.
QA Notes
null
DEV Notes
null
Design
null
See full ticket and images here: FECFILE-2819