gamerpals / Backend


GET api/User by Id returns session_token #11

Closed MauriceNino closed 5 years ago

MauriceNino commented 5 years ago

Expected Behavior

Return only a slice of the data (the non-private data, like description, name, ...) when called without a Bearer or with a Bearer that does not belong to the user

Current Behavior

Returns whole user object

Possible Solution

/

Detailed Description

GET http://localhost:50606/api/User/id returns session

Steffx115 commented 5 years ago

Removed current session when not logged in with the correct user -> need to clarify what exactly to remove in this case; removing the current session is only the first step

MauriceNino commented 5 years ago

Should be visible by everyone:

Should only be visible by friends:

Should only be visible by yourself:

That's what I thought. Any problems with it, @Steffx115?
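An added example, not part of the thread or the project's code: an allow-list projection for the three visibility tiers discussed above, so that a field such as `session_token` is dropped by default rather than removed case by case. The field names other than `name`, `description` and `session_token`, their placement in tiers, and the helper names are assumptions; `bearer_user_id` is assumed to be the user id an authentication layer has already resolved from a verified Bearer token.

```python
from enum import IntEnum


class Viewer(IntEnum):
    ANONYMOUS = 0  # no Bearer, or a Bearer belonging to an unrelated user
    FRIEND = 1     # Bearer belongs to a friend of the requested user
    SELF = 2       # Bearer belongs to the requested user


# Allow-list per tier; a viewer gets its own tier plus every lower one.
# Tier placement is an assumption made for this example.
# session_token appears in no tier, so it is never serialised.
FIELDS_BY_TIER = {
    Viewer.ANONYMOUS: ("id", "name", "description"),
    Viewer.FRIEND: ("friends",),
    Viewer.SELF: ("email",),
}


def classify_viewer(target, bearer_user_id):
    """Map the caller's identity to a visibility tier for this target user."""
    if bearer_user_id is None:
        return Viewer.ANONYMOUS
    if bearer_user_id == target["id"]:
        return Viewer.SELF
    if bearer_user_id in target.get("friends", ()):
        return Viewer.FRIEND
    return Viewer.ANONYMOUS


def project_user(target, bearer_user_id):
    """Build the response body from the allow-list, never from the full record."""
    viewer = classify_viewer(target, bearer_user_id)
    allowed = [f for tier, fields in FIELDS_BY_TIER.items()
               if tier <= viewer for f in fields]
    return {f: target[f] for f in allowed if f in target}


# Constructed sample record standing in for the stored user object.
SAMPLE_USER = {
    "id": 1,
    "name": "alice",
    "description": "plays co-op shooters",
    "friends": [2, 3],
    "email": "alice@example.invalid",
    "session_token": "constructed-placeholder-token",
}
```

Because the response is built from the allow-list, a column added to the user record later stays private until someone assigns it to a tier.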