Open corsacca opened 1 year ago
By default the api to list out connections should be disabled so the viewer does not have access to all record names in the system.
Pull Request created. On hold because of security considerations: https://github.com/DiscipleTools/disciple-tools-bulk-magic-link-sender/pull/100
enabling connection fields on magic links opens up a lot of discoverability from a logged out interface.
Discussion. This gives access to all records of the connection type. This is maybe too powerful. If we proceed, we need that to be clearly indicated (on each row where a connection field is used)