Skip to content

[Comments] Any user can create and get comments for a cooperation they are not involved in #18

New issue
New issue
Open
Open
[Comments] Any user can create and get comments for a cooperation they are not involved in#18
Labels
BackendbugSomething isn't workingsprint 1Tasks/Features that should to do on 1 sprint
@Roman-Peretiatko

Description

@Roman-Peretiatko
Roman-Peretiatko
opened on Aug 25, 2023

Description: Any user can create and get comments for a cooperation they are not involved in

Reproducible: always.

Preconditions:
The user is logged in.

Steps to reproduce:

  1. Create a comment for a cooperation current user not involved in (niether initiator nor receiver).

Actual result:
The comment is created.

Expected result:
A forbidden error must appear.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BackendbugSomething isn't workingsprint 1Tasks/Features that should to do on 1 sprint

    Type

    No type

    Projects

    Space2Studymvp

    Status

    Bugs

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions