Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AttachmentController checkPermission issue #2861

Open
Lucisu opened this issue Jul 18, 2024 · 0 comments
Open

AttachmentController checkPermission issue #2861

Lucisu opened this issue Jul 18, 2024 · 0 comments
Assignees
@tabuna
Labels
Errors

Comments

@Lucisu
Copy link
Contributor

Lucisu commented Jul 18, 2024

Describe the bug
Hello! While checking the code of the AuthenticationController class, I noticed that the checkPermission call does not actually aborts if the user is unauthenticated:

platform/src/Platform/Http/Controllers/Controller.php

Line 29 in da3f6f4

abort_if(Auth::user() !== null && ! Auth::user()->hasAccess($permission), 403);

It is later aborted in a different middleware, but I guess it would also make more sense to add this check in the AttachmentController too, right?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tabuna tabuna

Labels
Errors
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tabuna @Lucisu