Open sethvincent opened 5 years ago
I think this is handled not at the endpoint level but at the database level. The request from the database should be something like:
listteams = (public teams + private teams that can be accessed by user ) filtered by osmId if it exists
Yeah, that makes sense for it to be at the database level.
We should have something similar to the
team:view
permission on this endpoint that filters out teams that a user can not view.https://github.com/developmentseed/osm-teams/blob/aa513d70d3e63df77e909ecccb25f21acca05823/app/manage/teams.js#L5-L20