Uploaded image for project: 'Atlas'
  1. Atlas
  2. ATLAS-2009

Any non-admin user in users-credentials.properties is able to access /api/atlas/admin path

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.8.1, 1.0.0
    • Component/s: atlas-core
    • Labels:
      None

      Description

      Any non-admin user (ex: rangertagsync) specified in conf/users-credentials.properties is able to access the /api/atlas/admin path. Is this expected ?
      One of the use cases is Export and Import API's ,which should be permitted only by admin user to be executed. But any user is able to execute it.

        Attachments

        1. ATLAS-2009.patch
          1 kB
          Nixon Rodrigues

          Activity

            People

            • Assignee:
              nixon Nixon Rodrigues
              Reporter:
              sharmadhas Sharmadha S
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: