By editing the url, players can gain access to levels they have not unlocked.

[stigsfoot]

For example by changing the url from 'http://localhost:8080/module/1/level/1/questions/' to 'http://localhost:8080/module/1/level/3/questions/', a they can gain access to a level that they have not unlocked. Not sure if this is worth worrying about. One potential solution would be if a user tries to do this, they are redirected to another screen if they do not have access to that level.

Aha! Link: https://nditech.aha.io/features/G4G-93

[jatin-narang]

Thanks for acknowledging this bug, this shouldn't be allowed. Fixed this issue now if a user edits the URL to any other level which is not unlocked it will be redirected back to levels page for that particular module.

[blynchNDI]

@jatin-narang The redirect feature sounds good. I don't see it implemented in the latest version in the repo. Is it still in progress or maybe not yet committed?