automch-code / google-scraping


[Bug] Some API endpoints are not properly authorized #23

Open olivierobert opened 11 months ago

olivierobert commented 11 months ago

Issue

The endpoint v1/keywords/:id can return any keyword, even those not belonging to the current user:

https://github.com/automch-code/google-scraping/blob/3a18502d9f4a97c31916a0e90857c9d6489412b9/backend/app/controllers/api/v1/keywords_controller.rb#L21-L24

The related tests do not catch authorization issues.

Expected

All resources must be scoped consistently (as done in the index method) to ensure users can only access data they own.
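To make the report concrete, here is an added example of the pattern the issue describes and the regression test it asks for. This is illustrative code written for this page, not the project's controller (the linked `keywords_controller.rb` is not reproduced here) and not a Rails app: it models the lookup in plain Ruby so it runs stand-alone. The model, user and keyword names, the sample rows and the `find_keyword_unscoped` / `find_keyword_scoped` helper names are assumptions; the Rails equivalents they stand in for are noted in the comments.

```ruby
# Added example (not the project's code). Models the broken object-level
# authorization from the issue without Rails: an unscoped lookup that returns
# any keyword by id, the ownership-scoped lookup that fixes it, and a check
# that fails for the former and passes for the latter.

Keyword = Struct.new(:id, :user_id, :text)
User    = Struct.new(:id, :name)

# Stands in for ActiveRecord::RecordNotFound.
class NotFound < StandardError; end

# Constructed in-memory rows standing in for the keywords table.
KEYWORDS = [
  Keyword.new(1, 10, "ruby on rails security"),
  Keyword.new(2, 10, "idor"),
  Keyword.new(3, 20, "google scraping"),
].freeze

ALICE = User.new(10, "alice")
BOB   = User.new(20, "bob")

# Vulnerable lookup: the equivalent of `Keyword.find(params[:id])`.
# The current user is ignored, so any authenticated caller can read any
# keyword simply by guessing its id.
def find_keyword_unscoped(_current_user, id)
  KEYWORDS.find { |k| k.id == id } or raise NotFound, "keyword #{id}"
end

# Fixed lookup: the equivalent of `current_user.keywords.find(params[:id])`.
# The query is restricted to the caller's own rows, so a foreign id behaves
# exactly like a nonexistent one (404) instead of disclosing the record.
def find_keyword_scoped(current_user, id)
  KEYWORDS.find { |k| k.id == id && k.user_id == current_user.id } or
    raise NotFound, "keyword #{id}"
end

# Simulates GET /api/v1/keywords/:id and returns [status, body].
def show(current_user, id, lookup)
  keyword = lookup.call(current_user, id)
  [200, { id: keyword.id, keyword: keyword.text }]
rescue NotFound
  [404, { error: "not found" }]
end

# The regression test the issue says is missing: a request for another
# user's keyword must be rejected while the user's own keyword still loads.
# Returns true only if the lookup enforces ownership.
def enforces_ownership?(lookup)
  own   = show(BOB, 3, lookup)   # keyword 3 belongs to BOB
  other = show(BOB, 1, lookup)   # keyword 1 belongs to ALICE
  own[0] == 200 && other[0] == 404
end

if __FILE__ == $PROGRAM_NAME
  puts "unscoped enforces ownership? #{enforces_ownership?(method(:find_keyword_unscoped))}"
  puts "scoped enforces ownership?   #{enforces_ownership?(method(:find_keyword_scoped))}"
end
```

The point of `enforces_ownership?` is that a test which only checks the happy path (a user fetching their own keyword) passes against both lookups; only the cross-user request distinguishes them, which is why the existing tests did not catch the bug.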

automch-code commented 11 months ago

Hello Mr. Olivier, I've already fixed the issue about scoping find_keyword by current_user. You can review my pull request here.

olivierobert commented 11 months ago

All good to apply the change. I have added some suggestions for you as resources. Let's keep the changes simple.

🙈 You can call me Olivier. Adding Mr.s makes me feel older than I am.

automch-code commented 11 months ago

OK Olivier. I don't know how to address people in a polite way; I have to improve my English skills. 😆