This repository has been archived by the owner on Oct 11, 2020. It is now read-only.
Check uploader's permissions before uploading a package #3
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently any user can upload a package and potentially overwrite another user's package. Permission checks should be put into place to restrict access (based on the user's group, and whether the user is a maintainer of that package). Django does not currently support row-level permissions, so this needs to be done via other means.
The text was updated successfully, but these errors were encountered: