OK. I fixed those issues and then some. There were some security vulnerabilities where any user could send an API request to delete or update any user. Now only if the session user id and requested user id match can a user be updated. Also, now only the admin can delete a user. These two fixes stop someone from being able to update or delete the user admin or update another user's info.