Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect Address Book and me routes #616

Merged
merged 5 commits into from
Jan 1, 2020
Merged

Protect Address Book and me routes #616

merged 5 commits into from
Jan 1, 2020

Conversation

Amr3zzat
Copy link
Contributor

Protect Address book and me routes in security.yaml
related issues #569

@Amr3zzat Amr3zzat requested a review from a team as a code owner December 27, 2019 14:14
@mamazu
Copy link
Member

mamazu commented Dec 28, 2019

Thank you for your pull request. One thing I was woundering when looking through the documentation is: In the docs it says that the endpoint returns a 500 if the user does not own the address. If this behaviour has also changed then could you please update the documentation and add a note in the UPGRADE.md that this changed.

@Amr3zzat
Copy link
Contributor Author

@mamazu Thanks for review , I have updated the docs and the upgrade.

mamazu
mamazu approved these changes Dec 28, 2019
View reviewed changes
Copy link
Member

@mamazu mamazu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@mamazu
Copy link
Member

mamazu commented Dec 28, 2019

Could you please rebase your pull request to the current master and also add the authorization documentation to the new "change password route"?

@Amr3zzat
Copy link
Contributor Author

@mamazu Sure I will do that

@Amr3zzat
Copy link
Contributor Author

@mamazu I have rebased the master , I checked the change password route in docs , the new protection will match with new route docs , It will return 401

@mamazu
Copy link
Member

mamazu commented Dec 30, 2019

I don't really get why the address book routes return a 404 when the customer does not have access to those routes instead of a 403 but as this seems to be Sylius default I am okay with it.

@mamazu mamazu merged commit 2280918 into Sylius:master Jan 1, 2020
@mamazu
Copy link
Member

mamazu commented Jan 1, 2020

Thanks, Amr! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yasser-G Yasser-G Yasser-G approved these changes

@mamazu mamazu mamazu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Amr3zzat @mamazu @Yasser-G