Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can still read /Repository even when RepositoryRights.Read is unset #2064

Closed
LetterN opened this issue Jan 3, 2025 · 0 comments · Fixed by #2065
Closed

Can still read /Repository even when RepositoryRights.Read is unset #2064

LetterN opened this issue Jan 3, 2025 · 0 comments · Fixed by #2065
Assignees
@Cyberboss
Labels
Bug Something's fucky Priority: CRITICAL Alarm clock up. Fix immediately Security Issue pertaining to Authentication/Authorization or NTC (Never Trust the Client) Work In Progress Issue being actively worked on
Milestone
v6.12.3

Comments

@LetterN
Copy link

LetterN commented Jan 3, 2025
edited
Loading

Describe the bug
title

To Reproduce
have any repo right that isnt Read. tested on 4/SetSha as the only permission allowed for the user account

Expected behavior
403 or a slimmed down result from what the user can write

Logs
N/A

Server State: (please complete the following information):

  • TGS Version: 6.12.2
  • API Version: 10.12.0
@LetterN LetterN added Bug Something's fucky Reproduction Required Reproduction steps required for issue labels Jan 3, 2025
@Cyberboss Cyberboss added Priority: CRITICAL Alarm clock up. Fix immediately Security Issue pertaining to Authentication/Authorization or NTC (Never Trust the Client) and removed Reproduction Required Reproduction steps required for issue labels Jan 3, 2025
@Cyberboss Cyberboss added this to the v6.12.3 milestone Jan 3, 2025
@Cyberboss Cyberboss added the Work In Progress Issue being actively worked on label Jan 3, 2025
Cyberboss added a commit that referenced this issue Jan 3, 2025
@Cyberboss
Regression test for #2064
4605afe
Cyberboss added a commit that referenced this issue Jan 3, 2025
@Cyberboss
Fix UserEnabled role being OR'd with action authorization roles FUUUU…
e7b1189 
…UCCCKK!!!!

Fixes #2064
@Cyberboss Cyberboss mentioned this issue Jan 4, 2025
Merged
@Cyberboss Cyberboss linked a pull request Jan 4, 2025 that will close this issue
[s] v6.12.3: Why are we still here? Just to suffer?? #2065
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Cyberboss Cyberboss

Labels
Bug Something's fucky Priority: CRITICAL Alarm clock up. Fix immediately Security Issue pertaining to Authentication/Authorization or NTC (Never Trust the Client) Work In Progress Issue being actively worked on
Projects
None yet
Milestone
v6.12.3
Development

Successfully merging a pull request may close this issue.

[s] v6.12.3: Why are we still here? Just to suffer?? tgstation/tgstation-server
2 participants
@Cyberboss @LetterN