feat: add input validation on admin endpoints #18

closed

opened by

dunkirk.sh edited 2 weeks ago

/api/classes/:id/archive - Doesn't verify class exists before toggling
/api/meetings/:id PUT - No validation that meeting belongs to admin-accessible class
/api/transcripts/:id/select - Doesn't validate transcription status

~1 hour

Add existence and ownership validation

From LAUNCH_REVIEW.md Issue #28

The admin should be able to access any class they want but validation should be done on everything else

Labels

None yet.

priority

medium

assignee

dunkirk.sh

Participants 1

AT URI

at://did:plc:krxbvxvis5skq7jj6eot23ul/sh.tangled.repo.issue/3m6d4dyhiih2a