Bug #15790

open

[Workbench2] Non-admin users can access admin pages via urls

Added by Eric Biagiotti over 4 years ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assigned To: -
Category: Workbench2
Target version:
Story points: -
Release:
Release relationship: Auto

Description

Your token is the same so you can only see data you have access to and perform operations the API lets you. For example, I was able to delete my links, and create a group, but I couldn't make myself an admin.

Before routing to admin pages, we should be checking that the current user is an admin.

Actions #1

Updated by Eric Biagiotti over 4 years ago

  • Description updated (diff)
Actions #2

Updated by Eric Biagiotti over 4 years ago

  • Description updated (diff)
Actions #3

Updated by Peter Amstutz about 4 years ago

  • Release set to 20
Actions #4

Updated by Peter Amstutz about 1 year ago

  • Release changed from 20 to 60
Actions #5

Updated by Peter Amstutz about 2 months ago

  • Target version set to Future
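
The check the description asks for, sketched as a route guard. This is an added example, not Workbench2's code and not from the reporter; the `User` shape, the route prefixes and every function name are hypothetical. As the report notes, the API still decides what a token may do, so a guard like this only keeps the admin views from rendering for non-admins.

```typescript
// Added example: names, routes and the User shape are hypothetical, not Workbench2's own code.
interface User {
    uuid: string;
    isAdmin: boolean;
}

type RouteDecision =
    | { allow: true }
    | { allow: false; redirectTo: string; reason: string };

// Hypothetical admin-only route prefixes (placeholders, not taken from the project).
const ADMIN_ROUTE_PREFIXES: readonly string[] = ["/admin-example", "/manage-users-example"];

// Reduce a requested URL to a canonical path so that query strings, fragments,
// duplicate or trailing slashes and letter case cannot slip past the prefix match.
function normalizePath(url: string): string {
    const pathOnly = url.split(/[?#]/)[0] ?? "";
    const collapsed = pathOnly.replace(/\/{2,}/g, "/").replace(/\/+$/, "");
    return (collapsed === "" ? "/" : collapsed).toLowerCase();
}

// True when the path is an admin prefix itself or anything nested under it.
function isAdminRoute(url: string): boolean {
    const path = normalizePath(url);
    return ADMIN_ROUTE_PREFIXES.some(
        prefix => path === prefix || path.startsWith(prefix + "/")
    );
}

// Decide before navigation: admin routes require a loaded user with isAdmin === true.
// A missing user (session not yet loaded, or logged out) is denied, not allowed.
function guardRoute(url: string, user: User | undefined): RouteDecision {
    if (!isAdminRoute(url)) {
        return { allow: true };
    }
    if (user === undefined) {
        return { allow: false, redirectTo: "/", reason: "not-logged-in" };
    }
    if (user.isAdmin !== true) {
        return { allow: false, redirectTo: "/", reason: "not-admin" };
    }
    return { allow: true };
}
```

The guard has to run on direct URL entry and page reload as well as on in-app navigation, since the bug is reached by typing the URL.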