sv.post (in branch will-test) is restricted to posting the owner's id instead of any friend

Question

sv.post (in branch will-test) is restricted to posting the owner's id instead of any friend

Closed this issue 9 years ago · 0 comments

This route should be private to the owner - i.e., they should be the only one who is able to edit permissions on their own statuses. But the route is logically incorrect right now as it returns an error unless the user_id === owner_id, when in fact it should just check to make sure the users are friends first.