This repository has been archived by the owner on Mar 30, 2019. It is now read-only.
Limit users access to other profile information #134
Assignees
Labels
Milestone
Comments
ghost
added
the
|
It is doable, but at this scale, we don't need such feature in my opinion since not only it requires extra effort for backend but also makes frontend's tasks complicated. |
|
I think that request will be used when a user visits another user's profile, so we have to return some information. Also, we planned the platform such that all profiles are public, since there is no such feature as 'add friend' etc. Maybe, we can filter out some of the fields in the future if there is a problem with the response data, but it doesn't seem like a priority at this point if you don't have any other arguments. |
|
@mstfalp If we're on the same page, we can close the issue. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Limit users access to other profile information
A user (let's say user_id = 58) can access to all other users and their profile information by changing the id like
http://cultidate.herokuapp.com/api/user/59I am not sure if we talked about this before but I think it shouldn't return all the information for other users. We can either return a simpler response with name, surname, and profile picture or do not return any info at all.
The text was updated successfully, but these errors were encountered: