kouloumos
commented
11 months ago This sounds related to this issue that I observed on the front-end.
Closed Emmanuel-Develops closed 9 months ago
kouloumos
commented
11 months ago This sounds related to this issue that I observed on the front-end.
Extheoisah
commented
11 months ago I dont understand why this is needed. Can you give a use case?
Extheoisah
commented
11 months ago We already have a check in the backend for whether the user updating the review is the one claimed the transcript https://github.com/bitcointranscripts/transcription-review-backend/blob/01992e19c17e657b5e35d82e29a07bb8f7915923/api/app/controllers/review.controller.ts#L171
Add self and admin middleware auth on update transcript route. i.e Only the reviewer who has an active review tied to a specific transcriptId can update said transcript. The only other exception is admin role.