mirror of
https://github.com/fleetdm/fleet
synced 2026-05-12 03:28:48 +00:00

relates to #16052

This adds a team permission check to the `GET software/titles/:id` endpoint. The user should not be able to get the software title if it is not on a host that is on the same team as the user (e.g. software title 1 is on host 1, which is on team 1. A user who is only on team 2 should get a 403 response).

The UI is also updated to show the access denied error page when we receive a 403 response for the software title.

<!-- Note that API documentation changes are now addressed by the product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
Co-authored-by: Roberto Dip <me@roperzh.com>

| Name |
|---|
| io |
| macoffice |
| msrc |
| nvd |
| oval |
| testdata |
| utils |