hub icon indicating copy to clipboard operation
hub copied to clipboard

Published 20 hours ago verified publisher icon gdg-x

middleware.auth roles don't work

Open Splaktar opened this issue 7 years ago • 1 comments

For example the tag update endpoint says that it requires admin role, but even when I'm not logged in and all cookies/cache is cleared, I can still modify the tag.

  app.route('put', '/tags/:tagId', {
      summary: 'Updates a single tag, requires admin role'
    },
    middleware.auth({roles: ['admin']})

This needs to be resolved before we can add more functionality to the Hub in regards to editing anything (chapters, events, tags, etc).

This is related to PR #53.

Splaktar avatar Mar 12 '17 00:03 Splaktar

It might be possible to solve this by using Cloud Endpoints (#99) with Firebase Auth instead of middleware.auth.

Splaktar avatar Mar 17 '17 15:03 Splaktar