Bug #15790: [Workbench2] Non-admin users can access admin pages via urls - Arvados

Actions

Copy link

Bug #15790

open

[Workbench2] Non-admin users can access admin pages via urls

Added by Eric Biagiotti about 5 years ago. Updated almost 5 years ago.

Status:

New

Priority:

Normal

Assigned To:

Category:

Workbench2

Target version:

Start date:

Due date:

% Done:

Estimated time:

Story points:

Release:

WB2 Future Releases

Release relationship:

Auto

Description

Your token is the same so you can only see data you have access to and perform operations the API lets you. For example, I was able to delete my links, and create a group, but I couldn't make myself an admin.

Before routing to admin pages, we should be checking that the current user is an admin.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Arvados

Custom queries

Bug #15790

[Workbench2] Non-admin users can access admin pages via urls

Updated by Eric Biagiotti about 5 years ago

Updated by Eric Biagiotti about 5 years ago

Updated by Peter Amstutz almost 5 years ago