mirror of
https://github.com/fleetdm/fleet
synced 2026-05-17 22:18:39 +00:00
relates to #16052

This adds a team permission check to the `GET software/titles/:id` endpoint. The user should not be able to get the software title if it is not on a host that is on the same team as the user (e.g. software title 1 is on host 1, which is on team 1. A user who is only on team 2 should get a 403 response).

The UI is also updated to show the access denied error page when we receive a 403 response for the software title.

<!-- Note that API documentation changes are now addressed by the product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
Co-authored-by: Roberto Dip <me@roperzh.com>

||
|---|---|---|
| .. | ||
| mockimpl | ||
| mockresult | ||
| nanodep | ||
| scep | ||
| datastore.go | ||
| datastore_installers.go | ||
| datastore_mdm_mock.go | ||
| datastore_mock.go | ||
| datastore_users_helpers.go | ||
| errors.go | ||