Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation in create group API #9

Open
ClawedCatalyst opened this issue Oct 2, 2023 · 8 comments
Open

Validation in create group API #9

ClawedCatalyst opened this issue Oct 2, 2023 · 8 comments
Labels
good first issue Good for newcomers hacktoberfest PR for Hacktoberfest

Comments

@ClawedCatalyst
Copy link
Member

ClawedCatalyst commented Oct 2, 2023
edited
Loading

In mailer/views.py, at line 31, there is a POST API for creating a group.
Currently, there seems to be no validation regarding the user ID.

Here's the issue:

I can simply pass a user token and create a group with a different user ID. Consequently, the group is added to the account associated with the user ID that was passed.

Here's what should happen:

When a different user's ID is passed, it should raise an error, indicating 'permission denied.'"

image
@ClawedCatalyst ClawedCatalyst added hacktoberfest PR for Hacktoberfest good first issue Good for newcomers labels Oct 2, 2023
@lakshay-saini-au8
Copy link

@ClawedCatalyst I would like work on this

@ClawedCatalyst
Copy link
Member Author

lakshay-saini-au8 sure you can

@kiranrokkam09
Copy link

I would like to contribute to this issue. Is anybody working with it?

@ClawedCatalyst
Copy link
Member Author

you can start on this @kiranrokkam09 :)

@kiranrokkam09
Copy link

You are saying that only authenticated users can make a POST request to the endpoint.

@ClawedCatalyst
Copy link
Member Author

Yes only authenticated and id of user should be the authenticated user.
If I pass a different user id it should raise an error @kiranrokkam09

@kiranrokkam09 kiranrokkam09 mentioned this issue Oct 5, 2023
Closed
@kiranrokkam09
Copy link

@ClawedCatalyst you can check the pull request made by me. I added the following code:
views py - Visual Studio Code 05-10-2023 12_47_20 PM

@lakshay-saini-au8 lakshay-saini-au8 mentioned this issue Oct 6, 2023
Open
@lakshay-saini-au8
Copy link

@ClawedCatalyst Sorry for the dealy
here is the change please do review #17

@kiranrokkam09 kiranrokkam09 removed their assignment Oct 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers hacktoberfest PR for Hacktoberfest
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixed validation in create group api
3 participants
@lakshay-saini-au8 @kiranrokkam09 @ClawedCatalyst