Open ClawedCatalyst opened 1 year ago
@ClawedCatalyst I would like to work on this
lakshay-saini-au8 sure you can
I would like to contribute to this issue. Is anybody working on it?
you can start on this @kiranrokkam09 :)
You are saying that only authenticated users can make a POST request to the endpoint.
Yes, only authenticated, and the id of the user should be that of the authenticated user. If I pass a different user id, it should raise an error @kiranrokkam09
@ClawedCatalyst you can check the pull request made by me. I added the following code:
@ClawedCatalyst Sorry for the delay, here is the change, please do review: https://github.com/Bulkmailer/BulkMailer-Backend/pull/17
In mailer/views.py, at line 31, there is a POST API for creating a group. Currently, there seems to be no validation regarding the user ID. Here's the issue:
I can simply pass a user token and create a group with a different user ID. Consequently, the group is added to the account associated with the user ID that was passed.
Here's what should happen:
When a different user's ID is passed, it should raise an error, indicating 'permission denied.'
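
The check the issue asks for, shown as an added example (not code from this thread or from the BulkMailer repository): plain Python in which the group owner is taken from the authenticated token and a mismatched user ID is refused. The names `create_group`, `authenticate`, `TOKENS`, `GROUPS` and the payload fields `name` and `user` are assumptions made for illustration.

```python
class NotAuthenticated(Exception):
    """Raised when the request carries no valid token."""


class PermissionDenied(Exception):
    """Raised when the caller names a user id that is not their own."""


# Constructed sample data (hypothetical): token -> authenticated user id.
TOKENS = {"token-alice": 1, "token-bob": 2}
GROUPS = []  # stand-in for the group table


def authenticate(token):
    """Resolve a token to a user id; unknown tokens are rejected."""
    try:
        return TOKENS[token]
    except KeyError:
        raise NotAuthenticated("authentication required") from None


def create_group(token, payload):
    """Create a group owned by the authenticated user.

    A 'user' field in the payload is optional. If present it must match
    the authenticated user's id, otherwise the request is refused before
    anything is written.
    """
    auth_user_id = authenticate(token)
    claimed = payload.get("user")
    # Compare as strings so that 2 and "2" both match user 2, while
    # values such as True, 2.0 or "2 OR 1" never do.
    if claimed is not None and str(claimed).strip() != str(auth_user_id):
        raise PermissionDenied("permission denied")
    # The stored owner comes from the token, never from client input.
    group = {"name": payload["name"], "user": auth_user_id}
    GROUPS.append(group)
    return group
```

Taking the owner from the authenticated identity means a request that omits the user ID still lands in the caller's own account, and the explicit comparison gives the 'permission denied' error when a different ID is supplied.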