Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GET /document/:id/file doesn't require authorization #51

Closed
Crejak opened this issue May 20, 2019 · 0 comments
Closed

GET /document/:id/file doesn't require authorization #51

Crejak opened this issue May 20, 2019 · 0 comments
Assignees
@Crejak
Labels
bug

Comments

@Crejak
Copy link
Contributor

Crejak commented May 20, 2019

Similar to #50, anyone can access files from documents that have not been validated yet. It shouldn't be possible for a user that isn't admin, moderator or the author to consult a submission's file.
@Crejak Crejak added the bug label May 24, 2019
@Crejak Crejak mentioned this issue May 27, 2019
Closed
@Crejak Crejak self-assigned this May 27, 2019
@Crejak Crejak mentioned this issue May 27, 2019
Closed
Crejak added a commit to Crejak/UDV-server that referenced this issue May 27, 2019
@Crejak
GET /document/:id/file now requires auth VCityTeam#51
96beeb1
Crejak added a commit to Crejak/UDV-server that referenced this issue May 28, 2019
@Crejak
GET /document/:id/file now requires auth VCityTeam#51
b19a649
Crejak added a commit to Crejak/UDV-server that referenced this issue May 28, 2019
@Crejak
GET /document/:id/file now requires auth VCityTeam#51
2c8f0e7
Crejak added a commit to Crejak/UDV-server that referenced this issue May 28, 2019
@Crejak
GET /document/:id/file now requires auth VCityTeam#51
11ffe6f
Crejak added a commit to Crejak/UDV-server that referenced this issue May 28, 2019
@Crejak
GET /document/:id/file now requires auth VCityTeam#51
fc7dd95
@Crejak Crejak mentioned this issue May 28, 2019
Merged
@Crejak Crejak closed this as completed Jun 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Crejak Crejak

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Crejak