Ticket listing and resolution API access should be closed to only moderators #126

Open
alexgarel opened this issue Nov 7, 2024 · 0 comments

alexgarel commented Nov 7, 2024

What

Currently, it's the frontend that checks the moderator status but the API is open…

Expected behavior

The API should be given the openfoodfacts cookie, check that the user is a moderator and give a token to continue the work.
(refer to folksonomy engine which is doing it)

The tokens should have a reasonable expiry and can be stored in the table.

Note by Pierre: ticket creation API should of course be public

@teolemon teolemon changed the title API access should be closed to only moderators Ticket listing and resolution API access should be closed to only moderators Nov 7, 2024
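A sketch of the server-side flow the issue asks for, added here as an illustration and not taken from this project or from folksonomy engine: the session cookie is exchanged for a token only when the user is a moderator, the token is kept in a table with an expiry, and listing tickets requires it while creation stays public. The `whoami` hook, the table and function names, and the one-hour lifetime are all assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # assumed value for a "reasonable expiry": one hour


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mod_tokens (token_hash TEXT PRIMARY KEY,"
               " user_id TEXT NOT NULL, expires_at REAL NOT NULL)")
    return db


def _digest(token):
    # Choice made for this example: store only a hash, so a leaked
    # table does not hand out usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, session_cookie, whoami, now=None):
    """Exchange a session cookie for an API token, moderators only.

    whoami(cookie) is a hypothetical hook that asks the auth server who
    owns the cookie and returns (user_id, is_moderator), or None.
    """
    now = time.time() if now is None else now
    identity = whoami(session_cookie)
    if identity is None or not identity[1]:
        raise PermissionError("moderator session required")
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO mod_tokens VALUES (?, ?, ?)",
               (_digest(token), identity[0], now + TOKEN_TTL))
    return token


def require_moderator(db, token, now=None):
    """Return the moderator's user id, or raise if the token is unknown or expired."""
    now = time.time() if now is None else now
    db.execute("DELETE FROM mod_tokens WHERE expires_at <= ?", (now,))
    row = db.execute("SELECT user_id FROM mod_tokens WHERE token_hash = ?",
                     (_digest(token or ""),)).fetchone()
    if row is None:
        raise PermissionError("valid moderator token required")
    return row[0]


def list_tickets(db, tickets, token, now=None):
    require_moderator(db, token, now)  # enforced by the API, not the frontend
    return list(tickets)


def create_ticket(tickets, ticket):
    tickets.append(ticket)  # ticket creation stays public
    return ticket
```

Ticket resolution would call `require_moderator` in the same way as `list_tickets`.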
Status: Backlog