diff options
| author | Frederick Muriuki Muriithi | 2024-07-03 10:46:52 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2024-07-03 10:46:52 -0500 |
| commit | 1d21d4f85d34913209d2b765c87b352e788f62dd (patch) | |
| tree | 717b59b246e48f3d6c593869d0761449d210f0ce /issues/gn-auth | |
| parent | 10429b3d569ae419733735aac21ec3da02125f51 (diff) | |
| download | gn-gemtext-1d21d4f85d34913209d2b765c87b352e788f62dd.tar.gz | |
gn-auth: Privilege escalation bug - Close as fixed.
Diffstat (limited to 'issues/gn-auth')
| -rw-r--r-- | issues/gn-auth/problems-with-roles.gmi | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/issues/gn-auth/problems-with-roles.gmi b/issues/gn-auth/problems-with-roles.gmi index e1f49e0..2778b61 100644 --- a/issues/gn-auth/problems-with-roles.gmi +++ b/issues/gn-auth/problems-with-roles.gmi @@ -3,9 +3,9 @@ ## Tags * type: bug -* status: open * priority: critical * assigned: fredm, zachs +* status: closed, completed, fixed * keywords: gn-auth, authorisation, authorization, roles, privileges ## Description @@ -29,8 +29,8 @@ The implementation should instead, tie the roles to the specific resource, rathe * [x] migration: Add `resource:role:[create|delete|edit]-role` privileges to `resource-owner` role * [x] migration: Create new `resource_roles` db table linking each resource to roles that can act on it, and the user that created the role * [x] migration: Drop table `group_roles` deleting all data in the table: data here could already have privilege escalation in place -* [ ] Create a new "Roles" section on the "Resource-View" page, or a separate "Resource-Roles" page to handle the management of that resource's roles -* [ ] Ensure user can only assign roles they have created - maybe? +* [x] Create a new "Roles" section on the "Resource-View" page, or a separate "Resource-Roles" page to handle the management of that resource's roles +* [x] Ensure user can only assign roles they have created - maybe? ### Fixes |