Improvement, April 16, 2026
security: enforce authentication and membership on API endpoints
- Services, ServiceCategories, ServiceInquiries: all read endpoints changed from `AllowAny` to `IsAuthenticated` + community membership verification. Non-members can no longer view services from communities they don't belong to.
- CommunityMembersView, CommunityLeadersView: changed from `AllowAny` to `IsAuthenticated` + membership check. Staff/superusers bypass.
- DirectoryMemberViewSet: changed from `AllowAny` to `IsAuthenticated`. Removed the public directory bypass that allowed anonymous access.
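
A sketch of the access rule this entry describes, added here as an example and not taken from the project's code: authenticated callers only, membership required, staff and superusers bypass. It uses plain stand-in objects rather than Django so it runs on its own; the `community_id` route argument, the `MEMBERS` table and all class and function names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class User:                         # stand-in for request.user
    id: int
    is_authenticated: bool = True
    is_staff: bool = False
    is_superuser: bool = False

@dataclass
class Request:                      # stand-in for the incoming request
    user: User

@dataclass
class View:                         # stand-in for a view with URL kwargs
    kwargs: dict

# Constructed sample data: community id -> member user ids, and service rows.
MEMBERS = {10: {1, 2}, 20: {3}}
SERVICES = [{"id": 100, "community": 10}, {"id": 200, "community": 20}]

def is_privileged(user):
    return user.is_staff or user.is_superuser

class IsCommunityMember:
    """Exposes has_permission(request, view), the hook DRF calls on each
    class listed in a view's permission_classes."""

    def has_permission(self, request, view):
        user = request.user
        if user is None or not user.is_authenticated:
            return False                        # anonymous: always denied
        if is_privileged(user):
            return True                         # staff/superuser bypass
        community_id = view.kwargs.get("community_id")
        # Fail closed when the route carries no community id.
        return community_id is not None and user.id in MEMBERS.get(community_id, set())

def visible_services(user):
    """List endpoints: scope rows to the caller's communities, so a
    non-member gets no rows from communities they don't belong to."""
    if not user.is_authenticated:
        return []
    if is_privileged(user):
        return list(SERVICES)
    return [s for s in SERVICES if user.id in MEMBERS.get(s["community"], set())]
```

The permission check guards routes that name a community; the filtered list covers endpoints where the community is only known per row.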
