Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exports: Security Issue #1285

Closed
jamlung-ri opened this issue Apr 29, 2022 · 2 comments
Closed

Exports: Security Issue #1285

jamlung-ri opened this issue Apr 29, 2022 · 2 comments
Assignees
@snyaggarwal
Labels
api2 OCL API v2 bug Something isn't working

Comments

@jamlung-ri
Copy link
Contributor

jamlung-ri commented Apr 29, 2022
edited
Loading

There was a Private collection that I cannot access via API (as expected), but I can access it by adding export to the end. Should this be allowed without authorization? Loom video as an example.

One potential dependency - does this affect the OpenMRS subscription module? Will they now need to input an API auth token? That might break some implementations for a bit. @paynejd has messaged OpenMRS squad to find out.

Edit: OpenMRS Subscription Module requires an API token, so this change should not affect them. We should be clear to move this forwrard.
@jamlung-ri jamlung-ri added the bug Something isn't working label Apr 29, 2022
@snyaggarwal snyaggarwal added the api2 OCL API v2 label May 2, 2022
snyaggarwal added a commit to OpenConceptLab/oclapi2 that referenced this issue May 2, 2022
@snyaggarwal
OpenConceptLab/ocl_issues#1285 | Repo export behind permission
1c287cf
@snyaggarwal
Copy link
Contributor

this is deployed on all environments

@jamlung-ri
Copy link
Contributor Author

This is working well!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@snyaggarwal snyaggarwal

Labels
api2 OCL API v2 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@snyaggarwal @jamlung-ri