Bug #15790
Updated by Eric Biagiotti about 5 years ago
Your token is the same so you can only see data you have access to and perform operations the API lets you. For example, I was able to delete my links, and create a group, but I couldn't make myself an admin. Before routing to admin pages, we should be checking that the current user is an admin.