Bulkmailer / BulkMailer-Backend

Backend for Bulk Mailer
https://bulkmailer.suhaila.tech
7 stars 4 forks

Validation in create group API #9

Open ClawedCatalyst opened 1 year ago

ClawedCatalyst commented 1 year ago

In mailer/views.py, at line 31, there is a POST API for creating a group. Currently, there seems to be no validation regarding the user ID.

Here's the issue:

I can simply pass a user token and create a group with a different user ID. Consequently, the group is added to the account associated with the user ID that was passed.

Here's what should happen:

When a different user's ID is passed, it should raise an error indicating 'permission denied'.

lakshay-saini-au8 commented 1 year ago

@ClawedCatalyst I would like to work on this

ClawedCatalyst commented 1 year ago

lakshay-saini-au8 sure you can

kiranrokkam09 commented 1 year ago

I would like to contribute to this issue. Is anybody working with it?

ClawedCatalyst commented 1 year ago

you can start on this @kiranrokkam09 :)

kiranrokkam09 commented 1 year ago

You are saying that only authenticated users can make a POST request to the endpoint.

ClawedCatalyst commented 1 year ago

Yes, only authenticated, and the ID of the user should be that of the authenticated user. If I pass a different user ID, it should raise an error @kiranrokkam09

kiranrokkam09 commented 1 year ago

@ClawedCatalyst you can check the pull request made by me. I added the following code: [screenshot: views.py in Visual Studio Code]

lakshay-saini-au8 commented 1 year ago

@ClawedCatalyst Sorry for the delay. Here is the change, please do review: https://github.com/Bulkmailer/BulkMailer-Backend/pull/17
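
The ownership check requested at the top of this thread, as an added, framework-free illustration; it is not code from the repository or from either pull request. The token table, the `user` and `name` payload keys and all function names are assumptions made for the example.

```python
# Added illustration; every name here is hypothetical, not the project's code.
from dataclasses import dataclass, field

# Constructed sample data: bearer token -> authenticated user id.
TOKENS = {"token-alice": 1, "token-bob": 2}


@dataclass
class GroupStore:
    groups: dict = field(default_factory=dict)  # owner id -> list of group names

    def add(self, owner_id, name):
        self.groups.setdefault(owner_id, []).append(name)


def authenticate(token):
    """Resolve a token to a user id, or reject the request."""
    try:
        return TOKENS[token]
    except KeyError:
        raise PermissionError("authentication required") from None


def create_group_unchecked(store, token, payload):
    """Behaviour reported in the issue: the owner comes from the request body."""
    authenticate(token)  # caller is logged in, but the identity is then ignored
    store.add(payload["user"], payload["name"])
    return 201


def create_group_checked(store, token, payload):
    """Requested behaviour: a mismatched user id is refused."""
    caller = authenticate(token)
    claimed = payload.get("user", caller)
    # Compare as strings so "1" (form/JSON input) and 1 are treated alike.
    if str(claimed) != str(caller):
        raise PermissionError("permission denied")
    store.add(caller, payload["name"])  # owner is always derived from the token
    return 201
```

Deriving the owner from the authenticated identity, rather than trusting the body field after comparing it, means the check still holds if the field is later made optional.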