Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add @RequiresAuthentication to SystemPluginResource #4863

Closed
1Jesper1 opened this issue Jun 23, 2018 · 0 comments
Closed

Add @RequiresAuthentication to SystemPluginResource #4863

1Jesper1 opened this issue Jun 23, 2018 · 0 comments
Assignees
Milestone

Comments

@1Jesper1
Copy link

@1Jesper1 1Jesper1 commented Jun 23, 2018

@Api(value = "System/Plugins", description = "Plugin information")

@dennisoelkers dennisoelkers self-assigned this Jun 25, 2018
@dennisoelkers dennisoelkers added this to the 3.0.0 milestone Jun 25, 2018
dennisoelkers added a commit that referenced this issue Jun 26, 2018
Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.
@bernd bernd closed this in #4868 Jun 28, 2018
bernd added a commit that referenced this issue Jun 28, 2018
Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.
bernd added a commit that referenced this issue Jun 28, 2018
Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.

(cherry picked from commit 267be4a)
dennisoelkers added a commit that referenced this issue Jun 28, 2018
…4875)

Before this change, the `SystemPluginResource` which returns the list of
installed plugins for this node, did not require any authentication at
all. This might lead to unnecessary disclosure of harmful information
and should be avoided.

Therefore this change adds the annotation which requires the caller of
the `SystemPluginResource` to be authenticated. If this is not
sufficient, a further check for a permission can be introduced.

Fixes #4863.

(cherry picked from commit 267be4a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants