Homec4science

Require application "Can Use" capability to call Conduit methods

Authored by epriestley <git@epriestley.com> on Oct 17 2013, 21:51.

Description

Require application "Can Use" capability to call Conduit methods

Summary: Ref T603. If you don't have access to an application, prevent execution of its (authenticated) methods.

Test Plan: Restricted Tokens to only admins, then tried to view/call Token methods as a non-admin.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7342

Details

Committed
epriestley <git@epriestley.com>Oct 17 2013, 21:51
Pushed
aubortJan 31 2017, 17:16
Parents
rPH32dca4b553f8: Fix lightbox downloads for embeded images and a warning
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH5171e3684c58: Require application "Can Use" capability to call Conduit methods (authored by epriestley <git@epriestley.com>).Oct 17 2013, 21:51