Closed Amr3zzat closed 4 years ago
mamazu
commented
4 years ago Thank you for your pull request. One thing I was woundering when looking through the documentation is: In the docs it says that the endpoint returns a 500 if the user does not own the address. If this behaviour has also changed then could you please update the documentation and add a note in the UPGRADE.md that this changed.
Amr3zzat
commented
4 years ago @mamazu Thanks for review , I have updated the docs and the upgrade.
mamazu
commented
4 years ago Could you please rebase your pull request to the current master and also add the authorization documentation to the new "change password route"?
Amr3zzat
commented
4 years ago @mamazu Sure I will do that
Amr3zzat
commented
4 years ago @mamazu I have rebased the master , I checked the change password route in docs , the new protection will match with new route docs , It will return 401
mamazu
commented
4 years ago I don't really get why the address book routes return a 404 when the customer does not have access to those routes instead of a 403 but as this seems to be Sylius default I am okay with it.
mamazu
commented
4 years ago Thanks, Amr! :tada:
Protect Address book and me routes in security.yaml related issues #569