Api security (competitions and phases)
@ mention of reviewers`
@Didayolo
@dtuantran`
A brief description of the purpose of the changes contained in this PR.
Competitions and Phases apis are fixed. Now the following will happen
http://localhost/api/competitions/)
Competitions(Show competitions where
- user is owner
- user is a collaborator
- competition is public
- user is an approved participant
http://localhost/api/phases/)
Competitions(Show phases where
- user is owner of the competition to which this phase belongs
- competition is public to which this phase belongs
Additional fix:
Leaked uses in api/participants fixed to show participants of a competition and fixed the issue of participant approval and revoking
Issues this PR resolves
Checklist
-
Code review by me -
Hand tested by me -
I'm proud of my work -
Code review by reviewer -
Hand tested by reviewer -
CircleCi tests are passing -
Ready to merge