Closed timyates closed 2 weeks ago
Previously we checked the owner of the passed in object, but not the owner of the db object in the case of an update.
This meant that people could effectively change ownership of earned certifications from someone else to themselves.
This commit makes the change so we check both the object in flight, and the object at rest for updates.
Previously we checked the owner of the passed in object, but not the owner of the db object in the case of an update.
This meant that people could effectively change ownership of earned certifications from someone else to themselves.
This commit makes the change so we check both the object in flight, and the object at rest for updates.