[Bug] Able to get book with the wrong URL #11
Comments
|
The spec did not specify that undocumented endpoints/parameters should be blocked. In this case the documented functionality of search and loaning is not affected at all. The current behavior is in the principle that undocumented parameters ( |
|
Disagree. The specification does explicitly specify both paths "books/id" and "books" to have different functionality, in which being able to loan and get book record respectively. Noted that Currently removed the invalid label for this and #12 . Would like @comp4111ta to make the judgement |
|
Perhaps my example is confusing. But I am talking about the path, not "id=30". It just shows that how filter function still works even for the wrong path. This may give a better picture in showing how access the wrong path "/books/40" can still do what "/books" should achieve
|
|
The said “path” usage is only documented under Also, please kindly respect the rule that only developers of the repo is responsible for tagging labels. |
|
sorry for removing the tagging label. Would rather not confuse @comp4111ta since evaluation should be based on TA |
|
I agree that this looks confusing, but again, the project specification does not require blocking of undocumented endpoints/usages/parameters, and this issue does not affect endpoints required by the spec at all. This issue should be ruled as out of scope. |
|
TA Verified: This is not considered as a bug. (Undefined bug by spec) |
correct url for searching book should be /BookManagementService/books?token=. However, it's also possible to use /BookManagementService/books/30?token= as long as it is a GET request. This wrong url should only be used for loaning.
The text was updated successfully, but these errors were encountered: