Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fix] User can delete any event (Front-end) #842

Merged
merged 5 commits into from
May 26, 2021
Merged

[Fix] User can delete any event (Front-end) #842

merged 5 commits into from
May 26, 2021

Conversation

AdityaBirangal
Copy link
Member

What kind of change does this PR introduce?
fix #832

Did you add tests for your changes?
No

If relevant, did you update the documentation?
Not required

Summary
Front-end (Flutter) part fixed
Back-end (API) will be get fixed in PalisadoesFoundation/talawa-api#261

Does this PR introduce a breaking change?
Nope

Other information
Github Externship Appication No. : 20-05_Adi500_tfa_262

@TheHazeEffect
Copy link
Contributor

I'm thinking Users shouldn't even see an option to delete if they are unable to,
What do you think? @palisadoes

@palisadoes
Copy link
Contributor

palisadoes commented May 25, 2021
edited
Loading

@TheHazeEffect, @AdityaBirangal Yes, that's true. The additional security of them not being able to do it in the API is going to be added. I'll open a bug issue for that.

The option should be removed in the app like you said.

@TheHazeEffect
Copy link
Contributor

@AdityaBirangal could you go ahead and hide the button for those who are unable to delete?
Apart from that everything else is solid, I'll review and merge it right after

@AdityaBirangal
Copy link
Member Author

It will be good as per users perspective if he/she didn't see an option to delete if he/she is not allowed.

I did required changes @TheHazeEffect
Please review it & let me know if any updates are required...

@palisadoes
Copy link
Contributor

@Sagar2366 @DeltaHarbinger Please take a look.

@AdityaBirangal
Copy link
Member Author

Done 👍🏻
@TheHazeEffect

@TheHazeEffect TheHazeEffect self-requested a review May 26, 2021 06:10
TheHazeEffect
TheHazeEffect approved these changes May 26, 2021
View reviewed changes
Copy link
Contributor

@TheHazeEffect TheHazeEffect left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolves Issue #832 for the Mobile application

Ready to be merged

I believe work still needs to be done to check user permission level in the api
to protect against direct requests, Probably best done by checking user's permission level by token.

@TheHazeEffect TheHazeEffect merged commit d4fa906 into PalisadoesFoundation:master May 26, 2021
@TheHazeEffect TheHazeEffect mentioned this pull request May 26, 2021
Closed
@AdityaBirangal
Copy link
Member Author

Yeah.
API level updates are in progress at PalisadoesFoundation/talawa-api#261

Ayush0Chaudhary pushed a commit to Ayush0Chaudhary/talawa that referenced this pull request Mar 29, 2023
@beingnoble03
adds test for DirectChatMessage/index.ts (PalisadoesFoundation#842)
7bc00cc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheHazeEffect TheHazeEffect TheHazeEffect approved these changes

@Sagar2366 Sagar2366 Awaiting requested review from Sagar2366

@DeltaHarbinger DeltaHarbinger Awaiting requested review from DeltaHarbinger

Assignees

@AdityaBirangal AdityaBirangal

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security Bug] User can delete any event (Front-end)
3 participants
@AdityaBirangal @TheHazeEffect @palisadoes