You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have different implementations at the moment where $username or $guid is part of the url path in the route configuration.
Sometimes it is optional and we then cannot add gatekeeper middleware because we implement default behaviour in the resource -> we mostly default to logged in user and then check if it is a user.
It would make things easier if the route username/guid is required, but can default to the logged in user. That way we can use middleware and have consistency in default logic.
One additional pattern (for example with /settings/user/foo_non_existing) is where a username is required, but is not required to be a valid user. This pattern needs to disappear. Passing an invalid username should result in a 404 (not fallback to another logged in user).
The text was updated successfully, but these errors were encountered:
We have different implementations at the moment where $username or $guid is part of the url path in the route configuration.
Sometimes it is optional and we then cannot add gatekeeper middleware because we implement default behaviour in the resource -> we mostly default to logged in user and then check if it is a user.
It would make things easier if the route username/guid is required, but can default to the logged in user. That way we can use middleware and have consistency in default logic.
One additional pattern (for example with /settings/user/foo_non_existing) is where a username is required, but is not required to be a valid user. This pattern needs to disappear. Passing an invalid username should result in a 404 (not fallback to another logged in user).
The text was updated successfully, but these errors were encountered: