Use scopes for User admin attribute updates #247

github-actions · 2022-03-05T05:40:04Z

Use scopes to control who can update previously admin scoped attributes of a User model.

rest-api/src/placeos-rest-api/controllers/users.cr

Lines 158 to 169 in aa815ec

    
           def update 
        
             # Allow additional attributes to be applied by admins 
        
             # (the users themselves should not have access to these) 
        
             # TODO:: Use scopes. 
        
             body = self.body.gets_to_end 
        
             if is_admin? 
        
               user.assign_admin_attributes_from_json(body) 
        
             end 
        
             user.assign_attributes_from_json(body) 
        
             save_and_respond user 
        
           end

The text was updated successfully, but these errors were encountered:

github-actions bot added the todo label Mar 5, 2022

github-actions bot assigned caspiano Mar 5, 2022

caspiano changed the title ~~: Use scopes.~~ Use scopes for User admin attribute updates Mar 5, 2022

caspiano added the type: discussion Issue that can be resolved with discussion label Mar 5, 2022

caspiano removed their assignment Mar 5, 2022

caspiano added type: refactor type: security Issue related to Security labels Mar 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use scopes for User admin attribute updates #247

Use scopes for User admin attribute updates #247

github-actions bot commented Mar 5, 2022 •

edited by caspiano

Loading

Use scopes for User admin attribute updates #247

Use scopes for User admin attribute updates #247

Comments

github-actions bot commented Mar 5, 2022 • edited by caspiano Loading

github-actions bot commented Mar 5, 2022 •

edited by caspiano

Loading