@SamuelVch98 Currently everyone is allowed to edit any profile by replacing the user id in the route/URL and then submitting a POST request to the update profile route.
There should be a check to ensure only administrators can edit other profiles.
https://github.com/UCL-INGI/ictm-teaching/blob/d99b2c535f6440830533e422572f9c1cb3a116a9/user.py#L91-L164
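The check requested above, sketched as an added example that is not code from the ictm-teaching repository: the handler as described in the issue next to a version that authorizes the caller before writing. `User`, `PROFILES`, `Forbidden` and the function names are hypothetical, and the profile store is constructed in-memory sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False


class Forbidden(Exception):
    """Would map to an HTTP 403 response in a real route handler."""


# Constructed sample data standing in for the profile table.
PROFILES = {1: {"name": "alice"}, 2: {"name": "bob"}}


def update_profile_vulnerable(current_user, route_user_id, form):
    # Behaviour described in the issue: the id taken from the URL is
    # trusted, so any caller can write to any profile.
    PROFILES[int(route_user_id)].update(form)


def authorize_profile_edit(current_user, route_user_id):
    """Return the target id if the caller may edit it, else raise Forbidden."""
    if current_user is None:
        raise Forbidden("authentication required")
    try:
        # Route parameters arrive as strings; normalise before comparing,
        # otherwise "1" != 1 would lock users out of their own profile.
        target_id = int(route_user_id)
    except (TypeError, ValueError):
        raise Forbidden("malformed user id")
    # Deny unless the caller owns the profile or is an administrator.
    if target_id != current_user.id and not current_user.is_admin:
        raise Forbidden("only administrators can edit other profiles")
    return target_id


def update_profile(current_user, route_user_id, form):
    # Authorization runs before any lookup or write on the target profile.
    target_id = authorize_profile_edit(current_user, route_user_id)
    if target_id not in PROFILES:
        raise KeyError(target_id)
    PROFILES[target_id].update(form)
    return PROFILES[target_id]
```

The identity used for the comparison has to come from the server-side session, never from a field in the submitted form.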