website-backend icon indicating copy to clipboard operation
website-backend copied to clipboard
verified publisher icon Real-Dev-Squad

User can add restricted roles while adding/removing roles from dashboard site

Open joyguptaa opened this issue 1 year ago • 0 comments

Issue Description

Users can add any role by modifying the payload while adding groups from the dashboard site.

Expected Behavior

Users should only have the authority to add roles that exist in the database.

Current Behavior

By modifying the payload user can choose any role of their choice. And then it will get applied to them on discord.

Screenshots

Screenshot 2024-03-05 at 11 17 46 PM

Reproducibility

  • [x] This issue is reproducible
  • [x] This issue is not reproducible

Steps to Reproduce

  1. Modify the API response for adding roles

Severity/Priority

  • [x] Critical
  • [ ] High
  • [ ] Medium
  • [ ] Low

Additional Information

Checklist

  • [x] I have read and followed the project's code of conduct.
  • [x] I have searched for similar issues before creating this one.
  • [x] I have provided all the necessary information to understand and reproduce the issue.
  • [x] I am willing to contribute to the resolution of this issue.

joyguptaa avatar Mar 05 '24 17:03 joyguptaa