Endpoints available for normal members

Endpoints available for normal members

Laraship QuestionsCategory: TechnicalEndpoints available for normal members
st3fan asked 6 months ago

The following endpoints are available for normal members, even if (if possible) the access is restricted from the role settings:


This maybe bug or work as it should?

1 Answers
laraship Staff answered 6 months ago

Do you mean the endpoints for the dashboard widgets?

Stefan Warmerdam replied 6 months ago

I mean that when I go to those url’s as a member (not superuser) I am able to see this information, shouldnt this be restricted to superuser or a user with access only?

Could be made as intented, not sure what your intention is.

laraship Staff replied 6 months ago

Got it, we will add permissions to these URLs in our next release

Stefan Warmerdam replied 6 months ago

reopening, found one more:

/subscriptions/subscriptions/create (this page works, submission is not, but page should also not work for members that have no access)

/subscriptions/products (this page works, shouldnt work)

I suggest you take a look at all the subscriptions endpoints, there are more leaks in it.



you can test by visiting this endpoints with a user inside a role that has no permission to it.

Stefan Warmerdam replied 5 months ago

please remove the auto close function, it is not suited because you did not resolve the ticket yet…


Limited Time Offer