Rights management doesn't handle user's budgets #57

New Issue

Open

opened 2022-07-25 23:27:17 +02:00 by jacob1123 · 0 comments

jacob1123 commented 2022-07-25 23:27:17 +02:00

Owner

Copy Link

Currently all API endpoints just check for a valid token. So any user could read any other user's budgets. We should check if a user actually has access to a specific budget and its history.

Currently all API endpoints just check for a valid token. So any user could read any other user's budgets. We should check if a user actually has access to a specific budget and its history.

jacob1123 added the

bug

label 2022-09-13 10:20:07 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

create-categories

0.6.0

0.5.3

0.5.2

0.5.1

0.5.0

0.4.3

0.4.2

0.4.1

0.4.0

0.3.2

0.3.1

0.3.0

v0.1.0

v0.0.1

Labels

Clear labels

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

No Label

bug

Milestone

No items

No Milestone

Assignees

Clear assignees

jacob1123

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: jacob1123/budgeteer#57

No description provided.