User can have unauthorized access to other user's url and profile info

systers / macc

Server side support platform for Peace Corps mobile applications.

http://macc.systers.org/

9 stars 51 forks source link

User can have unauthorized access to other user's url and profile info #173

Closed mish24 closed 7 years ago

mish24 commented 7 years ago

screenshot from 2017-03-01 00-25-03 screenshot from 2017-03-01 06-36-24

In the screenshot, the header says welcome, user. This means no first name has been set up. But if the user tries to type another id number in the url, he/she is able to access another user's profile info, just as shown in the screenshot. And this is for all the pages. @medhach Can I work on this?

medhach commented 7 years ago

Okay :)

mish24 commented 7 years ago

Solved in #201