Unrestricted Exposure of User Data Through the User Query

[krishna619]

Describe the bug The affected query is User($id: ID!) which fetches detailed information about a user based on the user ID provided. The current implementation does not restrict users from querying information about others, which violates common privacy principles and data access controls.

query User($id: ID!) {
    user(id: $id) {
        user {
            _id
            joinedOrganizations {
                _id
            }
            phone {
                mobile
            }
            address {
                line1
                countryCode
                city
                state
            }
        }
        appUserProfile {
            _id
            adminFor {
                _id
            }
        }
    }
}

Potential internship candidates Please read this if you are planning to apply for a Palisadoes Foundation internship https://github.com/PalisadoesFoundation/talawa/issues/359

[github-actions[bot]]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[AdityaRaimec22]

@palisadoes can I get assigned to the issue.

[github-actions[bot]]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[palisadoes]

Unassigning. Inactivity

[rohansen856]

@palisadoes i would like to work on this issue. please assign me this issue. thank you.

[nitintwt]

@palisadoes @Cioppolo14 Can you please assign this issue to me. Already resolved the issue locally and wanted to make a PR. Thank you

[palisadoes]

@nitintwt I've assigned it to you

[github-actions[bot]]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.