RBAC permissions resets on required fields when restarting Strapi #16890
Comments
Hey, what is the current status of this issue?
Would it please be possible to fix this major security issue? It is not possible to implement even basic scenarios with RBAC.
I'm seeing the same issue for custom controllers. Is there any fix on the way?
More information:
Hi, have there been any updates on this? It seems like a major issue for permissions to be changing on their own. And we are getting complaints from users every time it resets.
If it's possible, it'd be great to get some feedback as to why this has been on hold for so long. We're closing in on a year since the problem was first reported.
Related to TID6550, escalated to high
Bug report
Required System information
Describe the bug
RBAC permissions resets on required fields when restarting Strapi
Steps to reproduce the behavior
Expected behavior
Even if it's a required field, RBAC permissions shouldn't reset to their default (allow) on that field. This is unexpected and causes security issues, because you believe the Role can't access or change that field.