Skip to content

GitLab

Explore

Sign in

Api security - competitions and edit competition

Review changes
Download
Patches
Plain diff

Placeholder Ihsan Ullah requested to merge api_security_competitions into develop Aug 01, 2023

Overview 5
Commits 4
Pipelines 0
Changes 7

@ mention of reviewers`

@Didayolo`

A brief description of the purpose of the changes contained in this PR.

The following problems are solved

http://localhost/api/competitions/ was exposing all competitions even not published
users were able to see competition info in edit screen of any competition by just adding edit to competition link e.g. adding edit to competitions/11 --> competitions/edit/11

To test

http://localhost/api/competitions/ is not leaking any private competitions
you can access a competition with valid secret key while loggedin and not loggedin
you cannot enter edit screen of a competition if you are not admin/collaborator
you can search competitions using searchbar
you can see expected competitions in public/features/mine/participating in

Issues this PR resolves

#971 (closed)
#1020 (closed)

Checklist

Code review by me
Hand tested by me
I'm proud of my work
Code review by reviewer
Hand tested by reviewer
CircleCi tests are passing
Ready to merge

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading