Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-28862

Require an explicit permission for the System Info route

    XMLWordPrintable

    Details

      Description

      In 2.0, the route that shows system informtions in the admin /admin/systeminfo on 2.x) does not have any extra permission check. Like the rest of the admin, it requires that the user is authenticated. While most resources will be protected by the Public API's permission checks, System info will not. setup/system_info was used in 1.x (and legacy), and can be reused for this.

      The easiest is to perform the check in the controller itself. It is what was done in 1.x.
      An alternative would be to stick to the Public API approach, and do that in the SystemInfoCollectorRegistry, so that it is transparent for API consumers.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            bertrand.dunogier@ez.no Bertrand Dunogier
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: