Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unrestricted Exposure of User Data Through the User Query #2214

Open
krishna619 opened this issue Apr 16, 2024 · 13 comments
Open

Unrestricted Exposure of User Data Through the User Query #2214

krishna619 opened this issue Apr 16, 2024 · 13 comments
Labels
bug Something isn't working

Comments

@krishna619
Copy link

Describe the bug
The affected query is User($id: ID!) which fetches detailed information about a user based on the user ID provided. The current implementation does not restrict users from querying information about others, which violates common privacy principles and data access controls.

query User($id: ID!) {
    user(id: $id) {
        user {
            _id
            joinedOrganizations {
                _id
            }
            phone {
                mobile
            }
            address {
                line1
                countryCode
                city
                state
            }
        }
        appUserProfile {
            _id
            adminFor {
                _id
            }
        }
    }
}

Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship PalisadoesFoundation/talawa#359

@krishna619 krishna619 added the bug Something isn't working label Apr 16, 2024
@github-actions github-actions bot added the unapproved Unapproved for Pull Request label Apr 16, 2024
Copy link

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@github-actions github-actions bot added the no-issue-activity No issue activity label Apr 27, 2024
@AdityaRaimec22
Copy link

AdityaRaimec22 commented Sep 16, 2024

@palisadoes can I get assigned to the issue.

@github-actions github-actions bot removed the no-issue-activity No issue activity label Sep 17, 2024
@Cioppolo14 Cioppolo14 removed the unapproved Unapproved for Pull Request label Sep 17, 2024
Copy link

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@github-actions github-actions bot added the no-issue-activity No issue activity label Sep 28, 2024
@palisadoes
Copy link
Contributor

Unassigning. Inactivity

@github-actions github-actions bot removed the no-issue-activity No issue activity label Oct 6, 2024
@rohansen856
Copy link

@palisadoes i would like to work on this issue. please assign me this issue. thank you.

@nitintwt
Copy link

@palisadoes @Cioppolo14 Can you please assign this issue to me. Already resolved the issue locally and wanted to make a PR. Thank you

@palisadoes
Copy link
Contributor

@nitintwt I've assigned it to you

Copy link

github-actions bot commented Nov 7, 2024

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@github-actions github-actions bot added the no-issue-activity No issue activity label Nov 7, 2024
@Cioppolo14 Cioppolo14 removed the no-issue-activity No issue activity label Nov 21, 2024
Copy link

github-actions bot commented Dec 2, 2024

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@github-actions github-actions bot added the no-issue-activity No issue activity label Dec 2, 2024
@palisadoes palisadoes assigned nitintwt and unassigned nitintwt Dec 2, 2024
@github-actions github-actions bot removed the no-issue-activity No issue activity label Dec 3, 2024
@palisadoes
Copy link
Contributor

unassigning. Inactivity

@Suyash878
Copy link

I would like to work on this.

@Cioppolo14
Copy link
Contributor

@Suyash878 Our policy is to assign no more than two issues to each contributor across all repositories. This way everyone gets a chance to participate in the projects. We sometimes give exceptions for more urgent cases and sometimes we lose track, but the policy stands. You have reached your limit, please wait until your existing issues are closed before requesting more issues. You could unassign yourself from one of the other issues too.

@Suyash878
Copy link

@Cioppolo14 I have unassigned myself from this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

7 participants