[v3] Check for security in API

DemocracyOS / democracyos

Democracia en Red is focusing on specific implementations of DemocracyOS. We are working now working with governments and activists all over Latin America. If you are interested in our online participation tools you can check them out on our site.

https://democraciaos.org/en/

GNU General Public License v3.0

1.77k stars 616 forks source link

[v3] Check for security in API #1572

Closed guillecro closed 6 years ago

guillecro commented 6 years ago

We need to check and list all the requirements concerning security when accessing to our API endpoints.

Like, for example. If we make a GET in a user get endpoint:

For anonymous, get the id and name.
Other users getting info of one user: [ To be discussed ]
For the owner (Me getting MY info) get my whole info.
For the admin, get all the info,

And also other requirements, like, only the owner can edit the data. Etc. First step should be making a list of that.