Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Persistence needs to be scoped to only allow edits within user scope #68

Open
accolasia opened this issue Jan 4, 2017 · 0 comments
Open

Persistence needs to be scoped to only allow edits within user scope #68

accolasia opened this issue Jan 4, 2017 · 0 comments
Labels
Security TECH MVP

Comments

@accolasia
Copy link
Contributor

Editing requires a post with an eventId and a valid API-key, but once you've passed the API key check, the lookup/modifications are primarily by id. Need to add owner_id to all the queries so one user can't edit another user's stuff via the API.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Security TECH MVP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@accolasia