Endpoints available for normal members

st3fan asked 5 years ago
The following endpoints are available for normal members, even if (if possible) the access is restricted from the role settings:

/cms/active-users
/transactions

Is this maybe a bug, or does it work as it should?
1 Answer
laraship Staff answered 5 years ago
Hello, do you mean the endpoints for the dashboard widgets?
Stefan Warmerdam replied 5 years ago

I mean that when I go to those URLs as a member (not superuser) I am able to see this information. Shouldn't this be restricted to superuser or a user with access only?

Could be made as intended, not sure what your intention is.

laraship Staff replied 5 years ago

Got it, we will add permissions to these URLs in our next release.

Stefan Warmerdam replied 5 years ago

Reopening, found one more:

/subscriptions/subscriptions/create (this page works, submission does not, but the page should also not work for members that have no access)

/subscriptions/products (this page works, shouldn't work)

I suggest you take a look at all the subscriptions endpoints, there are more leaks in them.

You can test by visiting these endpoints with a user inside a role that has no permission to them.

Stefan Warmerdam replied 5 years ago

Please remove the auto close function, it is not suited because you did not resolve the ticket yet…