User can see assortments that they should not have access to

stevenbui44 / flashcode

This application allows users to create and study flashcards tailored to LeetCode problems' questions, solutions, approaches, and time/space complexities.

0 stars 0 forks source link

User can see assortments that they should not have access to #12

Closed stevenbui44 closed 3 months ago

stevenbui44 commented 3 months ago

A user can see assortments that they should not access to (i.e. assortments from other users) if they change the id of the browser URL to the assortment's id.

stevenbui44 commented 3 months ago

I fixed it B) it gives them a 403 error too when they try to access an assortment that they should not have access to