docs: make TODO note about authorization clearer

AstroPlant · Mar 19, 2024 · 858ba71 · 858ba71
1 parent a5d0490
commit 858ba71
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/astroplant-api/src/controllers/user/mod.rs b/astroplant-api/src/controllers/user/mod.rs
@@ -101,8 +101,9 @@ pub async fn list_kit_memberships(
     )
     .await?;
 
-    // TODO: perhaps only return kits that we are allowed to view (i.e., those that have a public
-    // dashboard, or those that we are a member of)
+    // TODO: perhaps only return kits that the querying user (not the user being queried) is
+    // allowed to view (i.e., those kits that have a public dashboard, or those that the querying
+    // user is a member of)
 
     let user_id = user.get_id();
     let conn = pg.get().await?;