slack-ruby / slack-ruby-bot-server-events

Slack commands, interactive buttons, and events extension for slack-ruby-bot-server.
MIT License

authorization/security for teams #24

Closed alrooney closed 1 year ago

alrooney commented 1 year ago

It seems currently there is no authorization and I can't figure out how to add authorization cleanly to the `SlackRubyBotServer::Api::Endpoints::TeamsEndpoint`. So any user, even if I add authentication, can see all the registered teams and post to any of them, i.e., update any of them. Is there any recommendation in the community about the best way to do this? Normally I'd add authorization using something like Pundit to replace a call like this: `teams = Team.all`, but the only way I can figure out to do that is to replace that endpoint entirely with my own, which I would rather not do.

Thanks!

dblock commented 1 year ago

This is a dup of https://github.com/slack-ruby/slack-ruby-bot-server/issues/171, take a look. Closing it here.

alrooney commented 1 year ago

Thanks. Will check out the other issue.
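
A Pundit-style way to scope the team listing and updates described in the first comment, as an added example that is not part of the thread or of slack-ruby-bot-server's code. It is plain Ruby that mimics Pundit's policy and `Scope` conventions without the gem; `Team`, `User`, `team_ids`, `list_teams` and `update_team` are hypothetical stand-ins, and it assumes each authenticated user maps to a set of team ids.

```ruby
# Hypothetical stand-ins for the bot server's team model and an authenticated user.
Team = Struct.new(:id, :name, :active)
User = Struct.new(:id, :team_ids)

class NotAuthorizedError < StandardError; end

class TeamPolicy
  # Follows Pundit's Scope convention: narrow a collection to what the user may see.
  class Scope
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      return [] if @user.nil? # unauthenticated callers see nothing
      @scope.select { |team| @user.team_ids.include?(team.id) }
    end
  end

  def initialize(user, team)
    @user = user
    @team = team
  end

  def show?
    !@user.nil? && @user.team_ids.include?(@team.id)
  end

  def update?
    show?
  end
end

# Constructed sample data standing in for the result of Team.all.
ALL_TEAMS = [
  Team.new('T1', 'acme', true),
  Team.new('T2', 'globex', true),
  Team.new('T3', 'initech', false)
].freeze

# Replaces the unscoped `teams = Team.all` with a per-user scope.
def list_teams(user)
  TeamPolicy::Scope.new(user, ALL_TEAMS).resolve
end

def update_team(user, team_id, attrs)
  team = ALL_TEAMS.find { |t| t.id == team_id }
  # Same error for "missing" and "forbidden" so team ids cannot be enumerated.
  raise NotAuthorizedError, 'not authorized' unless team && TeamPolicy.new(user, team).update?
  attrs.each { |key, value| team[key] = value }
  team
end
```
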