Comments (2)
Sorry that, when making a new issue, the instructions about reporting something that could be related to security were not visible enough. I have removed from the issue template the HTML tags that made the instructions not show in preview mode; hopefully the security-related info is now more visible: https://github.com/wekan/wekan/blob/main/.github/ISSUE_TEMPLATE.md
It seems that currently the API only checks that the user is a member of that board. It does not yet check for role, as can be seen here:
https://github.com/wekan/wekan/blob/main/models/cards.js#L3513
Usually, only those with roles like BoardAdmin and Normal can edit the board in the web UI. It looks like that is not yet implemented for the API.
There could be some code to check for role at wekan/models/users.js
Well, I'll try to drink some coffee and wake up, thinking how to fix this.
Sure, if some WeKan contributor is already awake, PRs welcome.
from wekan.
Maybe some role checks like this:
https://github.com/wekan/wekan/blob/main/models/users.js#L637
from wekan.
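The gap discussed in the two comments above, shown as an added example that is not part of the thread and is not WeKan code: a membership-only check beside a role-aware one. The board document shape, the member flag names and the function names are assumptions for illustration.

```javascript
// Added illustration, not WeKan source. Flag names (isActive, isAdmin,
// isCommentOnly, isNoComments, isWorker) and the board shape are assumptions.

// Constructed sample board: one admin, one normal member, one restricted
// member, and one deactivated member.
const sampleBoard = {
  _id: 'board1',
  members: [
    { userId: 'alice', isActive: true, isAdmin: true },
    { userId: 'bob', isActive: true, isAdmin: false },
    { userId: 'carol', isActive: true, isAdmin: false, isCommentOnly: true },
    { userId: 'dave', isActive: false, isAdmin: false },
  ],
};

function findMember(board, userId) {
  return board.members.find((m) => m.userId === userId) || null;
}

// Membership-only check: the behaviour the comments describe for the API.
// Any active member passes, whatever their role.
function isBoardMember(board, userId) {
  const member = findMember(board, userId);
  return Boolean(member && member.isActive);
}

// Role-aware check: only BoardAdmin and Normal members may edit,
// matching what the comments say the web UI allows.
function canEditBoard(board, userId) {
  const member = findMember(board, userId);
  if (!member || !member.isActive) return false;
  if (member.isAdmin) return true;
  // A Normal member is one with none of the restricted-role flags set.
  return !(member.isCommentOnly || member.isNoComments || member.isWorker);
}

// Hypothetical guard for a card-editing API route; returns an HTTP status.
function authorizeCardEdit(board, userId) {
  if (!userId) return 401; // not authenticated
  if (!canEditBoard(board, userId)) return 403; // member or not, no write role
  return 200;
}
```

With the sample data, `carol` passes `isBoardMember` but is refused by `authorizeCardEdit`, which is the difference between the two checks.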