User - Get - Cannot retrieve your own user #141

Closed
Brend-Smits opened this issue May 21, 2020 · 0 comments · Fixed by #143

Brend-Smits commented May 21, 2020

Describe the bug
As a registered user, I cannot use the get-user endpoint to retrieve my own profile information.

To Reproduce
Steps to reproduce the behavior:

  1. Make a call to /api/User/{{IDENTITY ID HERE}}
  2. See that you get 403 Forbidden instead of your user profile

Expected behavior
You should be able to retrieve your own user profile. Users with the right access should be able to retrieve other users as well (by id).

What needs to be done is:

  1. If no identity id is entered, assume the user is requesting their own profile and get identity id by HTTPcontext.
  2. If the user is requesting their own profile, it's okay and it should always be allowed.
  3. If the identity id is specified and they have permission (they have the required role/scope) to request the specific user, it should be allowed.
  4. If the identity id is specified but the user does not have required permission and it's not their own identity id, it should return 401 Unauthorized.

Brend-Smits added the bug, requires development and priority labels May 21, 2020
wotwot563 self-assigned this May 21, 2020
wotwot563 moved this from To do to Review in progress in Sprint 4 - Backend May 21, 2020
Sprint 4 - Backend automation moved this from Review in progress to Done May 27, 2020
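
The four rules listed in the issue, written out as an added, framework-neutral example (this is not the project's code and not the fix merged in #143). `Caller`, `Decision`, `authorize_get_user` and the `user:read` scope name are hypothetical, and rejecting unauthenticated requests before anything else is an assumption.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Hypothetical scope name; the issue only says "required role/scope".
READ_OTHER_USERS_SCOPE = "user:read"


@dataclass(frozen=True)
class Caller:
    """Identity taken from the validated token / HTTP context, never from the URL."""
    identity_id: Optional[str]            # None when the request is unauthenticated
    scopes: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    status: int                 # HTTP status to return
    target_id: Optional[str]    # profile to load when status == 200
    reason: str


def authorize_get_user(caller: Caller, requested_id: Optional[str]) -> Decision:
    # Assumption: without an authenticated identity nothing else is evaluated.
    if not caller.identity_id:
        return Decision(401, None, "no authenticated identity")
    # Rule 1: no id supplied means the caller is asking for their own profile.
    target = (requested_id or "").strip() or caller.identity_id
    # Rule 2: the caller's own profile is always allowed.
    if target == caller.identity_id:
        return Decision(200, target, "own profile")
    # Rule 3: another user's profile requires the role/scope.
    if READ_OTHER_USERS_SCOPE in caller.scopes:
        return Decision(200, target, "has required scope")
    # Rule 4: status code as specified in the issue.
    return Decision(401, None, "other user's profile without required scope")


if __name__ == "__main__":
    # Constructed sample callers and ids.
    alice = Caller("id-alice")
    admin = Caller("id-admin", frozenset({READ_OTHER_USERS_SCOPE}))
    cases = [(alice, None), (alice, "id-alice"), (alice, "id-bob"),
             (admin, "id-bob"), (Caller(None), "id-bob")]
    for caller, requested in cases:
        print(caller.identity_id, requested, authorize_get_user(caller, requested))
```

The self-check runs before the scope check, so a user without any role or scope can still reach their own profile, which is the case the issue reports as failing.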