Skip to content

Fix Access Control Issues and Add Proper Event Validation #190

@mubarak23

Description

@mubarak23

Several functions have inconsistent or missing access control, and some validation logic has potential issues.
Problems Identified

attendee_event_details() only checks caller's registration but doesn't validate if caller should access that specific event
Functions like attendees_registered() and event_registration_count() only check ownership but don't validate event exists
Missing validation in some functions for zero event IDs

Current Code Issues

In attendee_event_details() - potential issue
let register_event_id = self.event_registrations.read(get_caller_address());
assert(event_id == register_event_id, 'different event_id');
// This only checks if caller registered for ANY event, not THIS event

Acceptance Criteria

Add event existence validation helper function
Fix access control in attendee_event_details()
Add proper validation for all event query functions
Implement consistent error handling patterns
Add tests for edge cases and access control scenarios

Metadata

Metadata

Assignees

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions