FullFact / health-misinfo-shared

Raphael health misinformation project, shared by Full Fact and Google
MIT License

Make sure different users’ video requests are only available to them #149

Closed andylolz closed 6 days ago

andylolz commented 1 week ago

@dcorney writes:

Be nice to make sure that different users' video requests are only available to them

I guess there are two bits to this:

  1. Only show the logged in user’s analyses in the history on the homepage
  2. Only allow the logged in user to view analyses that they created

dcorney commented 1 week ago

Sorry, not sure I understand the difference between 1 & 2?

ff-dh commented 1 week ago

Without point 2, a logged-in user may be able to adjust the URL to view any run, not just the runs listed on the homepage.

dcorney commented 1 week ago

Thanks. For the current demo period, Kate is happy to have a single demo account with multiple users who can see each other's analyses. So this is low priority.

andylolz commented 1 week ago

Should we close this as wontfix then, @dcorney?

dcorney commented 6 days ago

Update: after a chat with @andylolz and checking in with the AI team, let's do the smaller bit of work:

Only show the logged in user’s analyses in the history on the homepage

which should just be adding a WHERE clause on the SQL statement that fetches the history. This should make the interface cleaner for users, who won't be distracted by other users' videos. For now, we don't need to stop users from "hacking" the URL to see other content (part 2 of the original spec).
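
The two parts discussed in this thread, side by side, as an added example that is not code from this repository: part 1 scopes the history query with a WHERE clause, part 2 adds the same owner filter to the single-analysis lookup. The `video_analysis` table, its columns, and all function names are assumptions made for illustration, and the rows are constructed sample data.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is hypothetical, not the project's.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE video_analysis (
            id INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL,
            video_url TEXT NOT NULL
        );
        INSERT INTO video_analysis (id, user_id, video_url) VALUES
            (1, 10, 'https://video.example/a'),
            (2, 20, 'https://video.example/b'),
            (3, 10, 'https://video.example/c');
    """)
    return db

def history_for_user(db, user_id):
    # Part 1: the WHERE clause limits the homepage history to the caller's rows.
    rows = db.execute(
        "SELECT id, video_url FROM video_analysis "
        "WHERE user_id = ? ORDER BY id DESC",
        (user_id,),
    ).fetchall()
    return [dict(r) for r in rows]

def analysis_for_user(db, analysis_id, user_id):
    # Part 2: filter on owner as well as id, so an id taken from the URL
    # only resolves when the row belongs to the logged-in user.
    row = db.execute(
        "SELECT id, video_url FROM video_analysis WHERE id = ? AND user_id = ?",
        (analysis_id, user_id),
    ).fetchone()
    # None covers both "missing" and "not yours"; answering 404 for both
    # avoids confirming that another user's id exists.
    return dict(row) if row else None

def analysis_by_id_only(db, analysis_id):
    # Lookup with part 1 only: any logged-in user who supplies the id gets the row.
    row = db.execute(
        "SELECT id, user_id, video_url FROM video_analysis WHERE id = ?",
        (analysis_id,),
    ).fetchone()
    return dict(row) if row else None
```
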