aiondemand / AIOD-rest-api

A containerized application using FastAPI and SQLAlchemy connected to a MySQL database.
MIT License

Handle User Privacy issues | API should not reveal personal information #293

Closed AlexJoom closed 2 months ago

AlexJoom commented 3 months ago

The contact email addresses and the Person's first name and last name should be hidden on GET requests, unless you are the owner who posted the AIoD entity.

AlexJoom commented 3 months ago

Notice that in events we have a "Performer" property that maps to the speakers of the event (Person object).

In this case we should display their first name and last name.

At the moment, the GET request for events returns only the IDs of the people, so it's not possible to display them.

Ideally we should know if Persons have given consent for their information to be publicly available.

A short solution for the events would be to return the whole Person object instead of the IDs.

jsmatias commented 3 months ago

I linked this issue to PR #298 to limit access to sensitive information.

Regarding the second comment, quoted below:

> Notice that in events we have a "Performer" property that maps to the speakers of the event (Person object).
>
> In this case we should display their first name and last name.
>
> At the moment, the GET request for events returns only the IDs of the people, so it's not possible to display them.
>
> Ideally we should know if Persons have given consent for their information to be publicly available.
>
> A short solution for the events would be to return the whole Person object instead of the IDs.

This can be further discussed and addressed in a separate PR, if needed.