🔒️(admin) make recording fields read-only for security and performance
These values should not be updated from the admin interface. Allowing changes to a recording’s associated room could lead to data leaks (e.g., notifications being resent to the wrong users after a malicious modification). Also remove the room select field, which rendered a dropdown with ~150k options, flooding the DOM and severely degrading page performance.
committed by
aleb_the_flash
parent
4344dd6e35
commit
42a05da5c0
@@ -213,7 +213,16 @@ class RecordingAdmin(admin.ModelAdmin):
|
|||||||
)
|
)
|
||||||
list_filter = ["created_at"]
|
list_filter = ["created_at"]
|
||||||
list_select_related = ("room",)
|
list_select_related = ("room",)
|
||||||
readonly_fields = ["id", "created_at", "updated_at"]
|
readonly_fields = (
|
||||||
|
"id",
|
||||||
|
"created_at",
|
||||||
|
"options",
|
||||||
|
"mode",
|
||||||
|
"room",
|
||||||
|
"status",
|
||||||
|
"updated_at",
|
||||||
|
"worker_id",
|
||||||
|
)
|
||||||
actions = [resend_notification]
|
actions = [resend_notification]
|
||||||
|
|
||||||
def get_queryset(self, request):
|
def get_queryset(self, request):
|
||||||
|
|||||||
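Review bot: in the new `readonly_fields` tuple, `room`, `mode`, `status` and the other entries are read-only on the admin add form as well as the change form, so a recording created through the admin can no longer have them set, and saving will fail if `room` is required. If recordings are never meant to be created from the admin, consider having `has_add_permission` return `False` on `RecordingAdmin` (unless that is already done outside this hunk) so the add view is not exposed in a broken state. A one-line comment above the tuple would also help: the reason `room` must stay read-only (the `resend_notification` action kept just below would notify the wrong users if the room were changed) is stated only in the commit message, and a later edit could reintroduce the field without it. A regression test asserting that `room` is absent from the admin form fields would lock this in.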