Closed Emmanuel-Develops closed 9 months ago
This sounds related to this issue that I observed on the front-end.
I dont understand why this is needed. Can you give a use case?
We already have a check in the backend for whether the user updating the review is the one claimed the transcript https://github.com/bitcointranscripts/transcription-review-backend/blob/01992e19c17e657b5e35d82e29a07bb8f7915923/api/app/controllers/review.controller.ts#L171
Add self and admin middleware auth on update transcript route. i.e Only the reviewer who has an active review tied to a specific transcriptId can update said transcript. The only other exception is admin role.