Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce permission checks for WRITE access via http #1092

Merged
merged 3 commits into from
Dec 15, 2020

Conversation

kulmann
Copy link
Member

@kulmann kulmann commented Dec 14, 2020

This PR introduces permission checks for the write access http endpoints, so this already improves security.

There is another issue, that users can save values of other users. This is not tackled, yet. Could happen in a separate PR if we want to merge this one here quickly.

@update-docs

This comment has been minimized.

@kulmann kulmann requested a review from C0rby December 14, 2020 16:32
@kulmann kulmann force-pushed the settings-permission-checks branch from cdeafa2 to 0705a36 Compare December 14, 2020 22:19
@kulmann kulmann marked this pull request as ready for review December 14, 2020 23:08
@kulmann kulmann requested a review from LukasHirt as a code owner December 14, 2020 23:08
@kulmann kulmann force-pushed the settings-permission-checks branch from 657a6b9 to 633391e Compare December 14, 2020 23:25
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@kulmann kulmann merged commit a8056f2 into master Dec 15, 2020
@delete-merged-branch delete-merged-branch bot deleted the settings-permission-checks branch December 15, 2020 08:33
ownclouders pushed a commit that referenced this pull request Dec 15, 2020
Merge: f9f9056 633391e
Author: Benedikt Kulmann <[email protected]>
Date:   Tue Dec 15 09:32:59 2020 +0100

    Merge pull request #1092 from owncloud/settings-permission-checks

    Introduce permission checks for WRITE access via http
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants