
Check REST-API role permissions #159

Open
Christoph-Meyer opened this issue Nov 26, 2018 · 0 comments
Labels: help wanted (A good starting point if you are new with the code), security

@Christoph-Meyer (Collaborator)

Some REST-API URLs should not be callable when the logged-in user does not have the right role.

E.g. the following Controllers with the fitting services need to be secured/checked with @PreAuthorize and a fitting role needs to be added to the DB table "Permission":

  • Quest creation, progression and deletion
  • Adventure creation, progression and deletion
  • Task creation and handling
    etc.

Basically, all available REST URLs need to be reviewed and a fitting role needs to be assigned where necessary.
Additionally, to document the changes, a table listing the Roles and Permissions should be added to the GitHub documentation.

@Christoph-Meyer added the help wanted and security labels Nov 26, 2018
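
Added example (not part of the issue and not the project's code): one way the @PreAuthorize checks requested above could look on a quest controller and its service. It assumes Spring Security method security and that entries in the "Permission" table are loaded as granted authorities; the class names, the /quest paths and the QUEST_CREATE / QUEST_DELETE authority names are hypothetical.

```java
// Added example; not the project's code. QuestController, QuestService, Quest,
// the /quest paths and the QUEST_* authority names are hypothetical.
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

// @PreAuthorize is ignored unless pre/post annotations are enabled.
// (Spring Security 5.6+ also offers @EnableMethodSecurity.)
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig { }

class Quest { public Long id; public String title; }

interface QuestService {
    // Checked again here so callers other than the controller are covered.
    @PreAuthorize("hasAuthority('QUEST_CREATE')")
    Quest create(Quest quest);

    @PreAuthorize("hasAuthority('QUEST_DELETE')")
    void delete(Long id);
}

@RestController
@RequestMapping("/quest")
@PreAuthorize("isAuthenticated()")   // default for methods without their own rule
class QuestController {
    private final QuestService quests;
    QuestController(QuestService quests) { this.quests = quests; }

    @PostMapping
    @ResponseStatus(HttpStatus.CREATED)
    @PreAuthorize("hasAuthority('QUEST_CREATE')")
    public Quest create(@RequestBody Quest quest) { return quests.create(quest); }

    @DeleteMapping("/{id}")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("hasAuthority('QUEST_DELETE')")
    public void delete(@PathVariable("id") Long id) { quests.delete(id); }
}
```

A caller lacking the required authority is rejected with an AccessDeniedException, which Spring Security's default handling turns into HTTP 403 for an authenticated user.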