Comments (6)
Hello @sylvansson. Sorry, I had some problems trying to reproduce the environment because of all the API keys needed. Yes, you can assign this to someone else.
from cboard-api.
@martinbedouret This might be a good task for Katerina and Maria? I know it's security-related but it should be fairly simple, and I wrote some tests in #174 so they can validate that the fix works as intended.
Just in case, I'm completely new to this app and api (and a beginner dev), but I realized that the same problem should happen with deleting a user? removeUser is almost identical with deleteBoard, both not considering the user and going straight to findByIdAndRemove
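The pattern raised in the comment above (a delete handler that goes straight to findByIdAndRemove without considering the user), next to an ownership-scoped variant, as an added example that is not cboard-api's code. The in-memory model is a constructed stand-in for a Mongoose model, and `ownerId`, the shape of `user` and the function names are assumptions.

```javascript
// Constructed in-memory stand-in for a Mongoose model (synchronous for brevity;
// real Mongoose queries return promises). Only the calls used below exist.
function makeBoardModel(docs) {
  const store = new Map(docs.map((d) => [d._id, d]));
  const take = (doc) => { if (doc) store.delete(doc._id); return doc || null; };
  return {
    findByIdAndRemove: (id) => take(store.get(id)),
    findOneAndDelete: (filter) =>
      take([...store.values()].find((d) =>
        Object.keys(filter).every((k) => d[k] === filter[k]))),
    has: (id) => store.has(id),
  };
}

// Pattern described in the thread: the caller's identity is never consulted,
// so any authenticated user can delete any board whose id they know.
function deleteBoardUnscoped(Board, user, boardId) {
  const removed = Board.findByIdAndRemove(boardId);
  return removed ? { status: 200 } : { status: 404 };
}

// Ownership-scoped variant: the owner is part of the query itself, so a board
// that belongs to someone else looks the same as one that does not exist.
// `ownerId` is a hypothetical field name.
function deleteBoardScoped(Board, user, boardId) {
  if (!user) return { status: 401 };
  const removed = Board.findOneAndDelete({ _id: boardId, ownerId: user.id });
  return removed ? { status: 200 } : { status: 404 };
}

// Constructed sample data: alice owns b1, mallory is another regular user.
function demo() {
  const seed = () => makeBoardModel([{ _id: 'b1', ownerId: 'alice' }]);
  const alice = { id: 'alice' };
  const mallory = { id: 'mallory' };

  const a = seed();
  const unscoped = deleteBoardUnscoped(a, mallory, 'b1').status;
  const b = seed();
  const scopedOther = deleteBoardScoped(b, mallory, 'b1').status;
  const survived = b.has('b1');
  const scopedOwner = deleteBoardScoped(b, alice, 'b1').status;
  return { unscoped, unscopedGone: !a.has('b1'), scopedOther, survived, scopedOwner };
}

console.log(demo());
```

Putting the owner into the query filter, instead of loading the document and comparing afterwards, keeps the check and the delete in a single operation.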
Hi @callapa1, good observation. I would have to check, but as far as I know only an admin can call the removeUser route. It's a bit hidden but you can see it in the Swagger definition for the route.
Hi @sylvansson. Yes, I just found it. Only admin in x-security-scopes
Hi @callapa1, are you still working on this? If not, I might assign the issue to someone else.