Access check in "Usage" tab

Created on 30 July 2022, over 2 years ago
Updated 4 April 2024, 9 months ago

Problem/Motivation

All detectable entities are displayed in their respective lists under the "Usage" tab of a given entity.

We currently do NOT check access before displaying these lists.

Best case would be a 403 if user click on a link of an entity (s)he doesn't have access to.

Worst base would be a leak of information the user should not have been able to access.

Proposed resolution

Check entity access against current user for the "view" operation for each entity detected under the "Usage" tab.

✨ Feature request
Status

Closed: duplicate

Version

1.0

Component

Code

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024