augustin-wien / augustina-backend

An open-source web shop designed for selling magazines on the street.

GNU Affero General Public License v3.0

4 stars 0 forks source link

Fix/security handler permissions #139

Closed lebe1 closed 9 months ago

lebe1 commented 9 months ago

Type of change

[x] Bug fix (non-breaking change which fixes an issue)

Description

IMPORTANT TO KNOW

CHANGES

Adds middleware for POST Call Create payments -> thanks to @jofmi for finding this security gap
Not working in Swagger right now but leaving this issue for the future when a payment manipulation from the backoffice is wished for

TODO

Checklist:

[x] I have commented my code (or ChatGPT did), particularly in hard-to-understand areas
[x] My changes generate no new warnings, neither in my IDE nor in my browser