Open subhashini-egov opened 1 month ago
@Ramu-kandimalla @suresh12 why are the showstopper labels being removed without any comments or explanation? What's the plan for fixing these? CC: @atulgupta2024
Hi @Subhashini @.***>,
I have added new label called NFR this NFR & Security are the priority tasks we are planned post judges Demo for tracking purpose
We are been discussing these action plans on the standup call regularly.
Please go through the updated Sprint planning Sprint Planhttps://github.com/orgs/pucardotorg/projects/1/views/20?filterQuery=label%3ANFR
Regards, Ramu Kandimalla Project Manager Beehttps://www.beehyv.com/Hyvhttps://www.beehyv.com/ Software Solutionshttps://www.beehyv.com/
From: subhashini-egov @.> Sent: Wednesday, September 25, 2024 9:17 AM To: pucardotorg/dristi @.> Cc: Ramu Kandimalla @.>; Mention @.> Subject: Re: [pucardotorg/dristi] Tech Debt: Case search API does not restrict access to data (Issue #1401)
@Ramu-kandimallahttps://github.com/Ramu-kandimalla @suresh12https://github.com/suresh12 why are the showstopper labels being removed without any comments or explanation? What's the plan for fixing these? CC: @atulgupta2024https://github.com/atulgupta2024
— Reply to this email directly, view it on GitHubhttps://github.com/pucardotorg/dristi/issues/1401#issuecomment-2372853179, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BHXFLHN42NW2QHE57JWWYFTZYIW6NAVCNFSM6AAAAABM5RD7OSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNZSHA2TGMJXHE. You are receiving this because you were mentioned.Message ID: @.***>
Disclaimer: This message and any attachments may contain information that is privileged and confidential. Any use of the information contained in this message or attachment has to be expressly authorized by the sender of such information. If the reader of the message is neither the intended recipient nor an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any attachments from your system.
Describe the bug
The case search API should restrict access to data only to parties of the case - Judge/Advocate/Litigant/Bench Clerk. 200 OK to be returned for these personas. Everyone else should get a 401 Unauthorized.
To Reproduce Steps to reproduce the behavior:
Expected behavior An error screen should be shown in the UI.