Feature/isolate organization api
Describe the MR
Change ListOrganizations and GetOrganization handlers to only display Organizations the authenticated User (from the request context) is a member of.
Why was this MR needed?
A User could see all Organizations, and this was a problem for multi-tenant installations, like https://panto.watch
Extra-care points?
The dbconf package was updated to take a user's UUID. This is not perfect. In the upcoming days of the glorious refactor, we should pass context down from the request to all functions in the dbconf package...
Does this MR meet the acceptance criteria?
- Documentation created/updated
- CHANGELOG updated
- Unit Tests added/updated
What are the relevant issue numbers?
License and Developer Certificate of Origin
- By contributing to Pantomath SAS, You accept and agree to the following terms and conditions for Your present and future Contributions submitted to Pantomath SAS. Except for the license granted herein to Pantomath SAS and recipients of software distributed by Pantomath SAS, You reserve all right, title, and interest in and to Your Contributions. All Contributions are subject to the following Developer Certificate of Origin and License terms.
Edited by Charles Francoise
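
The membership scoping described in this MR, as an added Go sketch that is not Panto's code: the user's UUID travels in the request context (the direction the description proposes for dbconf), and both handlers read it from there. Every type, function and value below is hypothetical, and the store is constructed in-memory sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// All names are hypothetical; this is not Panto's dbconf API.
type ctxKey struct{}
var ErrNotFound = errors.New("organization not found")

type Org struct {
	UUID    string
	Members map[string]bool // user UUID -> is a member
}
type Store struct{ Orgs []Org }

// WithUser is what auth middleware would call once the request is authenticated.
func WithUser(ctx context.Context, userUUID string) context.Context {
	return context.WithValue(ctx, ctxKey{}, userUUID)
}

// ListOrganizations returns only the caller's organizations; no user means no rows.
func (s *Store) ListOrganizations(ctx context.Context) []Org {
	u, _ := ctx.Value(ctxKey{}).(string)
	var out []Org
	for _, o := range s.Orgs {
		if u != "" && o.Members[u] {
			out = append(out, o)
		}
	}
	return out
}

// GetOrganization answers "missing" and "not a member" identically, so a
// caller cannot probe which organization UUIDs exist in other tenants.
func (s *Store) GetOrganization(ctx context.Context, orgUUID string) (Org, error) {
	for _, o := range s.ListOrganizations(ctx) {
		if o.UUID == orgUUID {
			return o, nil
		}
	}
	return Org{}, ErrNotFound
}

func main() {
	s := &Store{Orgs: []Org{{"org-a", map[string]bool{"alice": true}}, {"org-b", map[string]bool{"bob": true}}}} // constructed data
	_, err := s.GetOrganization(WithUser(context.Background(), "alice"), "org-b")
	fmt.Println(len(s.ListOrganizations(WithUser(context.Background(), "alice"))), err)
}
```

A context with no authenticated user yields an empty list and ErrNotFound, so a handler that forgets the middleware fails closed.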