bidiu
commented
7 years ago Review other endpoints of notebooks as well when auth middleware is in place.
Closed bidiu closed 6 years ago
bidiu
commented
7 years ago Review other endpoints of notebooks as well when auth middleware is in place.
bidiu
commented
6 years ago Fixed after the auth module has been implemented
/users/:userId/notebooks /notebooks
A. Shouldn't support indexing notebooks across users, which doesn't make much sense.
B. Because of A, the second endpoint should be accessible to users who log in already (implicitly indexing current user's notebooks).
C. The first endpoint in 99% cases will be banned by the future auth middleware (guest users might be an exception if user is NOT logged in). That being said, if you logged in, the :userId MUST be the current user's id.