[BUG] Users can access any /teach route from URL
Closed this issue · 0 comments
brianmarete commented
Describe the bug:
Any authenticated user can access a /teach route from shared link
Expected Behavior
A user should only be able to access a /teach routes of a chapter they have authored
Steps to reproduce
- Create a new h5p chapter
- Copy the URL to any /teach subroute of the h5p chapter
- Access the URL from another account