You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is currently (weak; see #2) security around fetching the full details of existing reservations, but there is no password required to create, edit or delete a reservation. Editing and deleting requires having an existing reservation's ID, which can't be obtained without the password; nevertheless it's poor form to have these endpoints unsecured.
Refactor the router to be a class with add, edit, delete, get and getBasic methods.
Write a decorator function require_auth which can wrap the above methods to secure them. The logic for this function can be taken from the current get_reservations file.
Apply the new decorator to the add, edit, delete and get methods.
The text was updated successfully, but these errors were encountered:
There is currently (weak; see #2) security around fetching the full details of existing reservations, but there is no password required to create, edit or delete a reservation. Editing and deleting requires having an existing reservation's ID, which can't be obtained without the password; nevertheless it's poor form to have these endpoints unsecured.
add
,edit
,delete
,get
andgetBasic
methods.require_auth
which can wrap the above methods to secure them. The logic for this function can be taken from the currentget_reservations
file.add
,edit
,delete
andget
methods.The text was updated successfully, but these errors were encountered: