Security: API - Before performing a database retrieve or update operation verify if the logged in user is authorized. - Githubissues

18F / dol-whd-14c

The 14(c) system will become a modern, digital-first service. Applicants will be provided an intuitive online experience, guiding them through the information needed to complete their application correctly.

Other

16 stars 17 forks source link

Security: API - Before performing a database retrieve or update operation verify if the logged in user is authorized. #773

Closed PrabhakarThummalaDOL closed 6 years ago

PrabhakarThummalaDOL commented 6 years ago

[x] Application Controller

Submit() *
GetApplication() - done
GetApplicationsSummary()
ChangeApplicationStatus() - done
GetApplicationDocument() - done
DownloadApplicationDocument() - done
- [x] Account Controller
Register()
UserInfo() *
SetUserEmployer()
CreateOrUpdateEmployerApplication() *
ResetPassword()
VerifyResetPassword()
ChangePassword()
VerifyEmail()
VerifyReactivateAccount()
Logout()
GetAccounts() - done
GetSingleAccount()
GetRoles()
CreateAccount() - done
ModifyAccount() - done
PasswordComplexityCheck()
SendAuthenticationCode()
AccountAdminResendConfirmationEmail() *
AccountAdminResetPassword() *
AccountAdminResendAuthenticationCode() *

[x] Attachment Controller

Post() ~SubmitApplication *
Download() *
Delete() *

[ ] Response Controller

Get()

[x] Save Controller

GetSave() *
AddSave() *
UpdateSave() *
DeleteSave() *
ClearApplicationData() *

[ ] Status Controller

GetStatuses()

[ ] SupportedFileTypes Controller

GetSupportedFileTypes()

[x] UserActivity Controller

GetCreatedUsers() - done
GetUpdatedUsers()- done
GetActiveUsers()- done
GetInactiveUsers()- done
GetDeletedUsers()- done
GetUserActivity()- done
GetRoleActivity()- done
GetRoleLoginActivity()- done
GetUserLoginActivity()- done

EStriegel commented 6 years ago

Confirmed 9/6. Closed.