Mirror of https://github.com/Unleash/unleash.git, synced 2024-12-22 19:07:54 +01:00
0887999dd0
In order to stop privilege escalation via `/api/admin/projects/:project/users/:userId/roles` and `/api/admin/projects/:project/groups/:groupId/roles` this PR adds the same check we added to setAccess methods to the methods updating access for these two methods. Also adds tests that verify that we throw an exception if you try to assign roles you do not have. Thank you @nunogois for spotting this during testing.

| Name |
|---|
| lib |
| mailtemplates |
| migrations |
| test |
| migrator.ts |
| server-dev.ts |
| server.ts |