Closed juliangruendner closed 10 months ago
A user should only be able to access his own results, unless he is an admin.
For this the following should be added to the detailed-obfuscated-result endpoint similar to other endpoints:
if (!hasAccess(queryId, authentication)) { return new ResponseEntity<>(HttpStatus.FORBIDDEN); }
A user should only be able to access his own results, unless he is an admin.
For this the following should be added to the detailed-obfuscated-result endpoint similar to other endpoints: