cesnimda/jobtrackingapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix cross-user job history leak

Browse Source
This commit is contained in:
cesnimda
2026-04-11 17:05:52 +02:00
parent 41595605b9
commit 811963749e
4 changed files with 227 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
JobTrackerApi/Controllers/JobApplicationsController.cs
+3
View File
@@ -1676,6 +1676,9 @@ Canonical profile:
[HttpGet("{id:int}/history")]
public async Task<ActionResult<List<JobEventDto>>> GetHistory([FromRoute] int id, CancellationToken cancellationToken)
{
var exists = await _db.JobApplications.AnyAsync(j => j.Id == id, cancellationToken);
if (!exists) return NotFound();
var items = await _db.JobEvents
.AsNoTracking()
.Where(e => e.JobApplicationId == id)