fix(sec): protect transition route (!82) · Merge requests · ACIDES / Hiboo · GitLab

Snippets Groups Projects

Merged f00wl requested to merge fix-security-issue into main 11 months ago

All threads resolved!

Fix a security issue that allowed anybody to apply a transition to any profile.

require user to be logged to apply a transition
only profile own and admin can apply a transition

Fix #135 Ref !80 (merged)

Activity

f00wl changed milestone to %0.1.0 (reboot) 11 months ago

changed milestone to %0.1.0 (reboot)
f00wl added app / core priority / critical type / security 🔴 labels 11 months ago

added app / core priority / critical type / security 🔴 labels
f00wl requested review from @kaiyou 11 months ago

requested review from @kaiyou
f00wl assigned to @f00wl 11 months ago

assigned to @f00wl
f00wl @f00wl started a thread on an old version of the diff 11 months ago

Resolved 11 months ago by ornanovitch
Last reply by ornanovitch 11 months ago

ornanovitch added 1 commit 11 months ago

added 1 commit

0d6663c4 - fix(sec): use predefined `authorized` function from actions.py

Compare with previous version

ornanovitch resolved all threads 11 months ago

resolved all threads

kaiyou approved this merge request 11 months ago

approved this merge request

ornanovitch added 1 commit 11 months ago

added 1 commit

28d25c24 - fix(sec): harmonize syntax

Compare with previous version

ornanovitch enabled an automatic merge when the pipeline for succeeds 11 months ago

enabled an automatic merge when the pipeline for 28d25c24 succeeds

ornanovitch merged 11 months ago

merged

ornanovitch mentioned in commit 11 months ago

mentioned in commit f173cf0d

Please register or sign in to reply