Authorization list in dashboard doesn't filter by user/identity, DELETE endpoint lacks auth check #6

New issue

Closed

opened 2025-11-13 09:49:51 +00:00 by arne · 1 comment

arne commented 2025-11-13 09:49:51 +00:00

Owner

Copy link

I can see all authorizations on the server, not just the one for my user

This also means we don't correctly guard the DELETE endpoint, since I can delete all of these.

I can see all authorizations on the server, not just the one for my user   This also means we don't correctly guard the DELETE endpoint, since I can delete all of these.

2025-11-13_104802.png

93 KiB

2025-11-13_104810.png

86 KiB

arne added the

bug

label 2025-11-13 09:50:30 +00:00

laurence was assigned by arne 2025-11-13 09:50:34 +00:00

laurence referenced this issue from a commit 2025-11-13 11:11:38 +00:00

fix bugs of #6

laurence commented 2025-11-13 13:51:54 +00:00

Owner

Copy link

fixed

fixed

laurence closed this issue 2025-11-13 13:54:41 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

laurence/issue-5

arne/test-infra

No results found.

Labels

Clear labels   

bug

A defect that needs fixing

  

small

Little things that can be fixed trivially, best to batch these up

No labels

bug

small

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

laurence

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

gaiwan/Oak#6

No description provided.