Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict GET /users API to authenticated users #75

Merged
merged 1 commit into from Jul 9, 2018
Merged

Restrict GET /users API to authenticated users #75

merged 1 commit into from Jul 9, 2018

Conversation

isabelcosta
Copy link
Member

@isabelcosta isabelcosta commented Jul 2, 2018
edited

Description

  • This PR restricts the GET /users API for authenticated users.
  • This should be merged after PR Integrate flask-jwt-extended #64 which fixes some exception throwing from flask-jwt library.
  • Restrict some information of users, that should not be seen by other users. (needs discussion)
    • Username -> visible
  • Make GET /users/verified also retricted

Fixes #72

Type of Change:

  • Code

Code/Quality Assurance Only

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

  • Tested GET /users API on Swagger UI
  • Developed a test to attempt to access this API without an access token

Checklist:

  • My PR follows the style guidelines of this project
  • I have performed a self-review of my own code or materials
  • Any dependent changes have been merged
  • Update Swagger documentation and the exported file at /docs folder

Code/Quality Assurance Only

  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@isabelcosta
Copy link
Member Author

@m-murad @Dilu9218 until we add environment variables for the email verification on the deployed server, its best if we don't merge this, to better debug if a user is being registered into the system. To be able to check the users list without being logged in

@Dilu9218
Copy link
Contributor

Dilu9218 commented Jul 6, 2018

please solve conflicts in the same swagger.json :)

@isabelcosta
Copy link
Member Author

@Dilu9218 conflicts are fixed!

@Dilu9218 Dilu9218 merged commit 2b445a0 into anitab-org:gsoc18-code Jul 9, 2018
@isabelcosta isabelcosta deleted the restrict-users-api branch July 15, 2018 16:55
@isabelcosta isabelcosta added the Program: GSOC Related to work completed during the Google Summer of Code Program. label Aug 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dilu9218 Dilu9218 Dilu9218 approved these changes

@m-murad m-murad m-murad approved these changes

Assignees
No one assigned
Labels
Program: GSOC Related to work completed during the Google Summer of Code Program.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@isabelcosta @Dilu9218 @m-murad