[management] Remove admin check on getAccountByID #2699

Merged
merged 2 commits into from
Oct 6, 2024


pascal-fischer
Contributor

Describe your changes

Issue ticket number and link

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary


sonarqubecloud bot commented Oct 6, 2024

@pascal-fischer pascal-fischer marked this pull request as ready for review October 6, 2024 14:59
@pascal-fischer pascal-fischer merged commit dbec24b into main Oct 6, 2024
20 of 21 checks passed
@pascal-fischer pascal-fischer deleted the fix/user-permissions-on-peers branch October 6, 2024 15:01
@glaeqen
Contributor

glaeqen commented Oct 17, 2024

@mlsmaycon

I'm not sure if you guys have any regression testing but while this fixed an issue where a regular user with an unrestricted dashboard was getting 403s, now a regular user can see all the peers on /api/peers (without permissions) while /api/peers/<id> returns

{
    "message": "user ... has no access to peer ... under account ...",
    "code": 500
}

after clicking on a peer. I think this should be also HTTP 403 and not 500.

Rolling back to 0.28.3 (that somewhat worked) for now after getting somewhat burned by 0.30.0 and 0.30.2.
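
An added example, not part of the thread and not NetBird's code: a minimal Go model of the two properties the comment above asks for, a list endpoint filtered by the same access check as the detail endpoint, and a permission denial mapped to HTTP 403 rather than 500. All type and function names, the owner-or-admin policy, and the sample peers are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical names and constructed data; this is not NetBird's code.
var ErrForbidden, ErrNotFound = errors.New("forbidden"), errors.New("not found")
type Peer struct{ ID, Owner string }
var peers = map[string]Peer{"p1": {"p1", "alice"}, "p2": {"p2", "bob"}}

// canAccess is the one decision both endpoints share (assumed policy: owner or admin).
func canAccess(user string, admin bool, p Peer) bool { return admin || p.Owner == user }

// ListPeers backs the list endpoint and filters with the same check as GetPeer.
func ListPeers(user string, admin bool) []Peer {
	visible := []Peer{}
	for _, p := range peers {
		if canAccess(user, admin, p) {
			visible = append(visible, p)
		}
	}
	return visible
}

// GetPeer backs the detail endpoint and wraps typed sentinel errors.
func GetPeer(user string, admin bool, id string) (Peer, error) {
	p, ok := peers[id]
	if !ok {
		return Peer{}, fmt.Errorf("peer %s: %w", id, ErrNotFound)
	}
	if !canAccess(user, admin, p) {
		return Peer{}, fmt.Errorf("user %s has no access to peer %s: %w", user, id, ErrForbidden)
	}
	return p, nil
}

// StatusFor maps a denial to 403 and keeps 500 for unexpected failures.
func StatusFor(err error) int {
	switch {
	case err == nil: return http.StatusOK
	case errors.Is(err, ErrForbidden): return http.StatusForbidden
	case errors.Is(err, ErrNotFound): return http.StatusNotFound
	}
	return http.StatusInternalServerError
}

func main() { _, err := GetPeer("alice", false, "p2"); fmt.Println(len(ListPeers("alice", false)), StatusFor(err)) }
```

A regression test built on this shape asserts that every peer a user can list is also one they can fetch, and that a denied fetch never surfaces as a 5xx.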
