panel
panel copied to clipboard
Subuser permissions are not validated
Current Behavior
When creating or updating a subuser via the API, the permissions
field will accept any value, regardless of whether it is a valid permission or not.
Expected Behavior
These endpoints should validate the permissions field before continuing with the request.
Steps to Reproduce
- Put random characters or numbers, anything but a valid permission in the
permissions
field of the request body - Request
POST /api/client/servers/<identifier>/users
orPOST /api/client/servers/<identifier>/users/<uuid>
if you have a subuser to test on
Panel Version
1.10.1
Wings Version
1.7.0
Games and/or Eggs Affected
N/A
Docker Image
N/A
Error Logs
N/A
Is there an existing issue for this?
- [X] I have searched the existing issues before opening this issue.
- [X] I have provided all relevant details, including the specific game and Docker images I am using if this issue is related to running a server.
- [X] I have checked in the Discord server and believe this is a bug with the software, and not a configuration issue with my specific system.