Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
APIs do not respect LoggedInSiteUser permissions #16135
You can see this here by curling a piece of content that has only System.LoggedInSiteUser permissions - it should not be anonymously available.
This happens because our WebResource sets user to AnonUser if no user is found, which can gum up some of the permission checks.
After test the last changes we need some improvements here: