Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Membership clarification #51

Open
jmgasper opened this issue May 6, 2020 · 0 comments
Open

Membership clarification #51

jmgasper opened this issue May 6, 2020 · 0 comments

Comments

@jmgasper
Copy link
Contributor

jmgasper commented May 6, 2020

Currently, our call to get the groups for launching a challenge returns all groups, not just the groups the user has access to

Currently

We're calling GET https://api.topcoder-dev.com/v5/groups with an Authorization header for the user

Change

I'm expecting we'll have to make a call like this, with the memberId and membershipType, but I want to make sure this will actually return the groups the user has access to. For TonyJ in dev, it returns an empty list.

https://api.topcoder-dev.com/v5/groups?memberId=8547899&membershipType=group

Expectation

I need to have a call that returns just the groups the current has access to so I can update the challenge-engine-UI to only show those instead of all groups. Please clarify what the request should look like.

Ideally speaking, the below end point should have been made robust to return the groups which the user has access to.

https://api.topcoder-dev.com/v5/groups/memberGroups/:memberId

The work around way by calling /groups with memberId is not robust and it lacks security checks IMHO.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jmgasper