Controllers should respect paper event permissions

danielBingham / peerreview

A diamond open access (free to access, free to publish), open source scientific and academic publishing platform.

GNU Affero General Public License v3.0

53 stars 1 forks source link

Controllers should respect paper event permissions #210

Open danielBingham opened 1 year ago

danielBingham commented 1 year ago

Currently you can side step the visibility permissions by just going straight to the ReviewController's endpoints. Same with Submissions. We need to make sure all controllers respect the proper visibilities.

Part of #194