panel Subuser permissions are not validated

Subuser permissions are not validated

Open devnote-dev opened this issue 1 year ago • 0 comments

Current Behavior

When creating or updating a subuser via the API, the permissions field will accept any value, regardless of whether it is a valid permission or not.

Expected Behavior

These endpoints should validate the permissions field before continuing with the request.

Steps to Reproduce

Put random characters or numbers, anything but a valid permission in the permissions field of the request body
Request POST /api/client/servers/<identifier>/users or POST /api/client/servers/<identifier>/users/<uuid> if you have a subuser to test on

Panel Version

1.10.1

Wings Version

1.7.0

Games and/or Eggs Affected

N/A

Docker Image

N/A

Error Logs

N/A

Is there an existing issue for this?

[X] I have searched the existing issues before opening this issue.
[X] I have provided all relevant details, including the specific game and Docker images I am using if this issue is related to running a server.
[X] I have checked in the Discord server and believe this is a bug with the software, and not a configuration issue with my specific system.

Aug 18 '22 18:08 devnote-dev

panel panel copied to clipboard

Subuser permissions are not validated

Current Behavior

Expected Behavior

Steps to Reproduce

Panel Version

Wings Version

Games and/or Eggs Affected

Docker Image

Error Logs

Is there an existing issue for this?

panel
panel copied to clipboard