mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
unleash.unleash/src
Christopher Kolstad 0887999dd0
fix: setRolesForUser and setRolesForGroup role check (#6380)
In order to stop privilege escalation via
`/api/admin/projects/:project/users/:userId/roles` and
`/api/admin/projects/:project/groups/:groupId/roles` this PR adds the
same check we added to setAccess methods to the methods updating access
for these two methods.

Also adds tests that verify that we throw an exception if you try to
assign roles you do not have.

Thank you @nunogois for spotting this during testing.
2024-02-29 09:38:32 +01:00
lib fix: setRolesForUser and setRolesForGroup role check (#6380) 2024-02-29 09:38:32 +01:00
mailtemplates fix-css-update-for-CR-email-template (#6186) 2024-02-13 10:16:25 +09:00
migrations feat: create the project-metrics-summary-trends table (#6313) 2024-02-22 17:21:08 +02:00
test fix: setRolesForUser and setRolesForGroup role check (#6380) 2024-02-29 09:38:32 +01:00
migrator.ts chore: This helps output the migrations being applied (#6004) 2024-01-23 16:01:36 +01:00
server-dev.ts chore: remove new strategy configuration flag (#6335) 2024-02-27 11:23:49 +01:00
server.ts