Feature/isolate organization api

Charles Francoise requested to merge feature/isolate-organization-api into develop

Describe the MR

Change ListOrganizations and GetOrganization handlers to only display Organizations the authenticated User (from the request context) is a member of.

Why was this MR needed?

A User could see all Organizations, and this was a problem for multi-tenant installations, like https://panto.watch

Extra-care points?

The dbconf package was updated to take a user's UUID. This is not perfect. In the upcoming days of the glorious refactor, we should pass context down from the request to all functions in the dbconf package...

Does this MR meet the acceptance criteria?

  • Documentation created/updated
  • CHANGELOG updated
  • Unit Tests added/updated

What are the relevant issue numbers?

#675 (closed)

License and Developer Certificate of Origin

  • By contributing to Pantomath SAS, You accept and agree to the following terms and conditions for Your present and future Contributions submitted to Pantomath SAS. Except for the license granted herein to Pantomath SAS and recipients of software distributed by Pantomath SAS, You reserve all right, title, and interest in and to Your Contributions. All Contributions are subject to the following Developer Certificate of Origin and License terms.
Edited by Charles Francoise
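
The membership scoping described in this MR, sketched as an added Go example (not code from the merge request or from Panto). `Store`, `userKey`, `isMember` and the sample data are hypothetical names and constructed values; the real `dbconf` signatures are not shown on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type userKey struct{} // context key; every name here is hypothetical, not Panto's API
type Org struct{ UUID, Name string }
type Store struct {
	orgs    map[string]Org
	members map[string]map[string]bool // org UUID -> set of member user UUIDs
}
var ErrNotFound = errors.New("organization not found")

// isMember fails closed: no authenticated user in ctx means no access.
func (s *Store) isMember(ctx context.Context, orgID string) bool {
	u, _ := ctx.Value(userKey{}).(string)
	return u != "" && s.members[orgID][u]
}

// ListOrganizations returns only organizations the caller is a member of.
func (s *Store) ListOrganizations(ctx context.Context) []Org {
	out := []Org{}
	for id, o := range s.orgs {
		if s.isMember(ctx, id) {
			out = append(out, o)
		}
	}
	return out
}

// GetOrganization returns ErrNotFound for unknown and non-member orgs alike.
func (s *Store) GetOrganization(ctx context.Context, id string) (Org, error) {
	if o, ok := s.orgs[id]; ok && s.isMember(ctx, id) {
		return o, nil
	}
	return Org{}, ErrNotFound
}

var sample = &Store{ // constructed data: alice is in org-a, bob is in org-b
	orgs:    map[string]Org{"org-a": {"org-a", "Acme"}, "org-b": {"org-b", "Bravo"}},
	members: map[string]map[string]bool{"org-a": {"alice": true}, "org-b": {"bob": true}},
}

func main() {
	ctx := context.WithValue(context.Background(), userKey{}, "alice")
	fmt.Println(sample.ListOrganizations(ctx))
}
```

Returning the same error for a non-member organization as for a nonexistent one keeps the single-item handler from confirming which UUIDs exist in other tenants.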