Change
Stricter access control in package saving
Issue description
The current access check in package saving can be easily circumvented by a malicious user via handcrafting POST body. Currently any information can be saved as long as the user has access to the topic type in tt_id. Whether tt_id has anything to do with the actual data saved is never checked.
Improve the access control to modification and unify all http available means to changing the topic map to use Package or shut them down.
|
Work sessions5
Start |
2016-11-01T18:08:03
|
End |
2016-11-01T20:08:20
|
Participant |
Robert Cerny
|
Start |
2016-11-02T08:08:30
|
End |
2016-11-02T10:08:30
|
Participant |
Robert Cerny
|
Start |
2016-11-03T10:06:04
|
End |
2016-11-03T17:16:54
|
Participant |
Robert Cerny
|
Start |
2016-11-07T08:11:29
|
End |
2016-11-07T12:24:53
|
Participant |
Robert Cerny
|
Start |
2016-11-14T14:31:35
|
End |
2016-11-14T15:28:59
|
Participant |
Robert Cerny
|
|
We are sorry
This page cannot be displayed in your browser. Use Firefox, Opera, Safari, or Chrome instead.