veza/veza-backend-api/internal/core
senke 1428adeefc [BE-SEC-002] security: Fix ownership verification for track updates/deletes
- Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT/DELETE /tracks/:id
- Verified trackOwnerResolver correctly loads track from DB and returns user_id
- Added comprehensive integration tests for ownership verification
- Test: user cannot update another user's track (403 Forbidden)
- Test: user cannot delete another user's track (403 Forbidden)
- Test: admin can update any track (200 OK)
- Test: admin can delete any track (200 OK)
- Test: user can update own track (200 OK)
- Test: user can delete own track (200 OK)
- All tests pass

Phase: PHASE-1
Priority: P0
Progress: 2/267 (0.7%)
2025-12-23 01:37:10 +01:00
auth stabilizing veza-backend-api: P1 & P2 2025-12-16 13:34:08 -05:00
collaboration adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
education adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
marketplace STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
social stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
track [BE-SEC-002] security: Fix ownership verification for track updates/deletes 2025-12-23 01:37:10 +01:00