API Security - Competitions and Participants

@ mention of reviewers

@Didayolo

A brief description of the purpose of the changes contained in this PR.

This PR solves 2 issues:

  1. In http://localhost/api/competitions/, emails of users were leaked.
  2. In http://localhost/api/participants/, no participants will be shown unless this is accessed from the website and not from /api/participants.

Competition users' emails: Screenshot 2023-07-30 at 8 16 51 PM

Tested:

  • users' emails are not leaked
  • participants are now shown in /api/participants
  • approve and revoke functionality works
  • sending email to participants works

Issues this PR resolves

Checklist

  • Code review by me
  • Hand tested by me
  • I'm proud of my work
  • Code review by reviewer
  • Hand tested by reviewer
  • CircleCi tests are passing
  • Ready to merge
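
A regression check for the first issue, as an added example that is not part of this PR or the project's code: it walks a decoded JSON response and reports the JSON path of every address-like key or value. The key names in `SUSPECT_KEYS` and both sample payloads are constructed for illustration and are assumptions about the response shape.

```python
import json
import re

# Loose pattern: enough to flag address-like strings in API output.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Key names that suggest an address field (assumed, not taken from the project).
SUSPECT_KEYS = {"email", "e_mail", "email_address", "contact_email"}


def find_email_leaks(node, path="$"):
    """Return (json_path, reason) pairs for each address-like key or value."""
    leaks = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SUSPECT_KEYS and value not in (None, "", [], {}):
                leaks.append((child, "suspect key"))
                if not isinstance(value, (dict, list)):
                    continue  # scalar already reported once
            leaks.extend(find_email_leaks(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            leaks.extend(find_email_leaks(item, f"{path}[{i}]"))
    elif isinstance(node, str) and EMAIL_RE.search(node):
        leaks.append((path, "address-like value"))
    return leaks


# Constructed sample payloads: the shape of a competitions listing before and
# after the fix is assumed for illustration.
BEFORE = json.loads("""
{"results": [{"id": 1, "title": "Demo", "created_by": "alice",
  "participants": [{"username": "bob", "email": "bob@example.org"}],
  "admins": ["carol <carol@example.org>"]}]}
""")
AFTER = json.loads("""
{"results": [{"id": 1, "title": "Demo", "created_by": "alice",
  "participants": [{"username": "bob"}],
  "admins": ["carol"]}]}
""")

if __name__ == "__main__":
    for label, payload in (("before", BEFORE), ("after", AFTER)):
        hits = find_email_leaks(payload)
        print(label, "->", hits if hits else "no address-like data")
```

In a test suite, the decoded body of a GET to the competitions endpoint would be passed to `find_email_leaks` and the result asserted to be empty.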
