search

stockpile-co / api

The API for Stockpile, an app that manages stuff for organizations.
0 stars 1 forks source link

Add user endpoints #170

Closed AdamVig closed 7 years ago

AdamVig commented 7 years ago
  1. Return everything but filter the password field out of responses.
  2. Get all should only be accessible to admins
  3. Only admins can change roleID
  4. Password cannot be changed except through the endpoint from #168
AdamVig commented 7 years ago

Created a view in the database to address points 1, 3, and 4. The view only has the user's first name, last name, email, user ID, and organization ID. This prevents the user from editing his or her password or role ID and excludes those fields from responses as well.

The view is called userInfo.