Require application "Can Use" capability to call Conduit methods
5171e3684c58
Actions

Authored by epriestley <git@epriestley.com> on Oct 17 2013, 21:51.

Description

Require application "Can Use" capability to call Conduit methods

Summary: Ref T603. If you don't have access to an application, prevent execution of its (authenticated) methods.

Test Plan: Restricted Tokens to only admins, then tried to view/call Token methods as a non-admin.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Committed

epriestley <git@epriestley.com>

Oct 17 2013, 21:51

Pushed

aubort

Jan 31 2017, 17:16

Parents

Branches

Unknown

Tags

Unknown

				Path
	M			src/applications/conduit/call/ConduitCall.php
	M			src/applications/conduit/method/ConduitAPIMethod.php