Skip to content

Inbox permissions doesn't work as expected

For the sib-notifications component, we should have the following permission:

  • Anonymous users & logged in users: can create notifications but can't read
  • Inbox owners: can read + update all notifications

Today, we still have these issues:

  • Anonymous users & logged in users: can read all notifications (/notifications/ and /users/2/inbox/)
  • Inbox owners: can't read own notifications (/notifications/1/)

Related issue: startinblox/djangoldp-packages/djangoldp-notifications#2