Code Room
Code review | Hard | cr-g036
Subject: Missing authorization | Level: Senior–Staff | ~30 min | Common in: Security interviews | Industries: Software development

Question

Review this Python (FastAPI + SQLAlchemy) profile-update endpoint.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Python):

```python
@router.patch('/me')
def update_me(updates: dict, db: Session = Depends(get_db),
              user: User = Depends(current_user)):
    for field, value in updates.items():
        setattr(user, field, value)
    db.add(user)
    db.commit()
    return {'ok': True}
```
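One way to close the gap named in the subject line, shown as an added example that is not part of the original exercise: the endpoint's `setattr` loop next to a version that accepts only an explicit allowlist of fields. The `User` fields, `EDITABLE_FIELDS`, `UpdateRejected` and the sample payload are assumptions, since the page does not show the model; only the standard library is used.

```python
from dataclasses import dataclass

# Hypothetical model: the page does not show User, so these fields are assumed.
@dataclass
class User:
    id: int
    email: str
    display_name: str = ""
    bio: str = ""
    is_admin: bool = False

# Assumed allowlist: fields a user may change on their own profile -> (type, max length).
EDITABLE_FIELDS = {"display_name": (str, 80), "bio": (str, 500)}

class UpdateRejected(ValueError):
    """Payload names a field outside the allowlist or fails validation."""

def apply_updates_unsafe(user, updates):
    # Same loop as the endpoint under review: every key in the body is trusted.
    for field, value in updates.items():
        setattr(user, field, value)
    return user

def apply_updates_safe(user, updates):
    # Validate the whole payload first so a rejected request changes nothing.
    unknown = sorted(set(updates) - set(EDITABLE_FIELDS))
    if unknown:
        raise UpdateRejected(f"fields not editable: {unknown}")
    for field, value in updates.items():
        expected_type, max_len = EDITABLE_FIELDS[field]
        if not isinstance(value, expected_type) or len(value) > max_len:
            raise UpdateRejected(f"invalid value for {field}")
    for field, value in updates.items():
        setattr(user, field, value)
    return user

def demo():
    payload = {"display_name": "Mallory", "is_admin": True}  # constructed request body
    unguarded = apply_updates_unsafe(User(1, "a@example.com"), dict(payload))
    guarded = User(2, "b@example.com")
    try:
        apply_updates_safe(guarded, dict(payload))
        rejected = False
    except UpdateRejected:
        rejected = True
    return unguarded.is_admin, guarded.is_admin, guarded.display_name, rejected

if __name__ == "__main__":
    print(demo())
```

In a FastAPI endpoint the same allowlist is usually expressed as a Pydantic request model that replaces `updates: dict`, so unknown fields are rejected before the handler runs.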