Missing Authorization - Server Component
- Vulnerable 1
- Vulnerable 2
- Solution 1
- Solution 2
Below, a list of unpublished blog posts will appear for logged-in users - similar to a "Drafts" list in a CMS.
Each unpublished blog post should only be visible for the owner of the post.
Each unpublished blog post should only be visible for the owner of the post.
Unpublished Blog Posts
Alice's second post (unpublished)
Published: false
This is Alice's second post. It's not published, so this is private data that only Alice should be able to view and edit.
Bob's first post (unpublished)
Published: false
This is Bob's first post. It's not published, so this is data only Bob should be able to view and edit.