Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #40443 Project history reference list should should check that user is project administrator

Download Browse

How to test: With an anonymous user go on page `project/<id>/admin/references` You should have a Fordidden error Why? Accessing this does not leak information, as references can be listed on REST route, but it might be disturbing for users to have access to this page in read only (CRUD action are listed, but nothing can be performed) It's better to hide this page Change-Id: Ib740323f50bf59077ea9320dd8f0815c516c5321

+13 −28
Marie Ange Garnier (marieange) 2024-11-08 16:43
Marie Ange Garnier (marieange) 2024-11-08 16:43
8670c8a235fc200518767a273b8d330044d75a4a
84971779d36d0075914b1a125adba9d4d9c20e1c
git #tuleap/stable/8670c8a235fc200518767a273b8d330044d75a4a

Modified Files

Side by side diff
Inline diff
Name
M src/common/Project/Admin/Reference/Browse/ReferenceAdministrationBrowseController.php +11 −27 Go to diff View file
M src/common/Request/RouteCollector.php +2 −1 Go to diff View file