Enforce permissions on API endpoints

batchnz / craft-commerce-untitled

A Craft Commerce plugin for minting variants based on field values

MIT License

0 stars 1 forks source link

Enforce permissions on API endpoints #12

Open moacode opened 3 years ago

moacode commented 3 years ago

We need to add permissions to each API endpoint to ensure these can't be accessed from unauthorized users (as then they'd be able to change pricing etc.).

Take a look at how Craft Commerce secures their controllers for reference.

moacode commented 3 years ago

Estimate: 3–5 hours.

moacode commented 3 years ago

You wanna use this method if possible. I doubt the Yii rest controller I'm using has this method but it's only a couple of lines so it's probably easier to copy/paste.