- πΊπΈUnited States smustgrave
Appears to be a duplicate of π Error prevents user from seeing the usage tab. Needs review
Searched for other execute() calls and that appears to be the only one.
All detectable entities are displayed in their respective lists under the "Usage" tab of a given entity.
We currently do NOT check access before displaying these lists.
Best case would be a 403 if user click on a link of an entity (s)he doesn't have access to.
Worst base would be a leak of information the user should not have been able to access.
Check entity access against current user for the "view" operation for each entity detected under the "Usage" tab.
Closed: duplicate
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Appears to be a duplicate of π Error prevents user from seeing the usage tab. Needs review
Searched for other execute() calls and that appears to be the only one.