Fix User endpoints for self user

mlte-team / mlte

An infrastructure for evaluating machine learning models.

http://mlte.rtfd.io/

MIT License

9 stars 3 forks source link

Fix User endpoints for self user #426

Closed sebastian-echeverria closed 2 months ago

sebastian-echeverria commented 2 months ago

Fix handling of endpoints for self user. More specifically:

Prevent users with "me" username from being created
Ensure /user/me endpoint works correctly with authorization
Ensure edit user is possible for current user
And ensure a user, while editing itself, cannot add groups to itself
Add /user/me/models endpoint to give all models the current user has access to

sebastian-echeverria commented 2 months ago

User/me endpoint fixed
Models for user/me working

sebastian-echeverria commented 2 months ago

Current issue editing user is that id is obtained from URL, but in the edit case, the id comes in the body; thus, the write-user permission is incorrectly checked, instead of the write-[miid]-user

sebastian-echeverria commented 2 months ago

Addressed in #434