spaceshelter / orbitar

Experimental collective social/blogging platform with self-regulation.
MIT License

Seeing settings page of another user does not make sense, this disables it #284

Closed pazoozoo42 closed 1 year ago

pazoozoo42 commented 1 year ago

API endpoints patching is not needed

Aivean commented 1 year ago

I think we should disable it in the corresponding API controller (just return status code when requesting user doesn't match requested user).

This is better, because:

  1. Currently for your own user /u/page and /profile/page are synonyms. Your PR will break that.
  2. Your change leaves API access unrestricted.

Aivean commented 1 year ago

After some consideration, it's better to disable this page in the View: https://github.com/spaceshelter/orbitar/blob/d520df112c846aea6044e231cf953794d9b378b1/frontend/src/Pages/UserPage.tsx#L34

e.g. https://stage.orbitar.space/u/orbitar/settings https://stage.orbitar.space/u/orbitar/invites1

Should have identical result.
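The API-controller check proposed earlier in the thread (reject the request when the requesting user does not match the requested user), as an added example that is not part of the thread or orbitar's code. All names, the in-memory user list and the 401/403/404 status choices are assumptions; `requestedUsername === undefined` models the `/profile/...` synonym for the caller's own page.

```typescript
// Added illustration, not orbitar code: every name below is hypothetical.
type Session = { userId: number };
type User = { id: number; username: string; karma: number; email: string; invites: string[] };
type ApiResult = { status: number; body?: unknown };

// Constructed sample users standing in for the real user store.
const USERS: User[] = [
  { id: 1, username: "alice", karma: 12, email: "alice@example.test", invites: ["inv-a1"] },
  { id: 2, username: "bob", karma: 7, email: "bob@example.test", invites: [] },
];

// Tabs only the account owner may read (the two pages named in the thread).
const OWNER_ONLY = new Set(["settings", "invites"]);

// requestedUsername is the name from /u/<name>/<tab>; undefined models /profile/<tab>.
function getUserTab(session: Session | undefined, requestedUsername: string | undefined, tab: string): ApiResult {
  if (!session) return { status: 401 };

  // Resolve the target on the server; never trust a client-supplied user id.
  const target = requestedUsername === undefined
    ? USERS.find((u) => u.id === session.userId)
    : USERS.find((u) => u.username === requestedUsername);

  if (OWNER_ONLY.has(tab)) {
    // Same answer for "someone else" and "no such user", so the reply leaks nothing.
    if (!target || target.id !== session.userId) return { status: 403 };
    const body = tab === "settings" ? { email: target.email } : { invites: target.invites };
    return { status: 200, body };
  }

  if (!target) return { status: 404 };
  if (tab === "profile") return { status: 200, body: { username: target.username, karma: target.karma } };
  return { status: 404 };
}
```

Because the decision is keyed on the resolved user id rather than on the route, `/u/<own name>/settings` and `/profile/settings` keep returning the same data for the owner.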