Some Item edit pages are accessible by anonymous users #2609
Labels
authorization
related to authorization, permissions or groups
bug
high priority
ux
User Experience related works
Milestone
Describe the bug
A few of the
item/*/edit/*
pages do not seem to have properly configured guards.As far as I see all of these pages are non-functional, so the impact of this bug is minimal.
It's likely that there are other similar cases -- would be good to look for more examples and address them in one go.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Users without the necessary authorizations (and especially anonymous users) should not have access to administrator pages.
Instead, they should be redirected to the login page, or be shown a 403 page.
Related work
#2247
The text was updated successfully, but these errors were encountered: