This repository has been archived by the owner on Aug 28, 2021. It is now read-only.
I'm doing some rewriting and was wondering why when we update a client we only check if the user can write to the stream? Shouldn't we check that the user can write to the client instead?
It's covering the case when A opens B's file with B's sender/receiver client in there, but A's account.
Reasoning goes like: if A can already access B's file, he should be able to edit the client and set it online/offline (what that endpoint is mostly used for). If he shouldn't be able to, there are some bigger structural issues there (i.e., A stealing B's files from the network drive or something).
Open to different ways of doing things, but it would mean some client rewriting...
SpeckleServer/app/api/clients/ClientPut.js
Line 17 in c544a34
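
The two positions in this thread (authorize the update against the stream, or against the client object) can be compared in a small sketch. This is an added example, not SpeckleServer code: the data model, the field names and the choice to limit non-owner stream writers to the `online` flag are assumptions made for illustration.

```javascript
// Constructed sample data; field names are hypothetical, not the project's schema.
const streams = new Map([
  ['s1', { owner: 'B', canWrite: ['A'] }], // B's stream, shared with A for writing
]);
const clients = new Map([
  ['c1', { owner: 'B', streamId: 's1', online: false, role: 'Sender' }],
]);

// Fields each kind of caller may change (assumed split for this sketch).
const OWNER_FIELDS = new Set(['online', 'role', 'streamId']);
const STREAM_WRITER_FIELDS = new Set(['online']);

// Stream-level check: owner or explicitly listed writer.
function canWriteStream(userId, stream) {
  return Boolean(stream) &&
    (stream.owner === userId || stream.canWrite.includes(userId));
}

// Object-level decision: which client fields may this user touch?
function allowedFields(userId, client) {
  if (client.owner === userId) return OWNER_FIELDS;
  if (canWriteStream(userId, streams.get(client.streamId))) {
    return STREAM_WRITER_FIELDS; // A opening B's file: online/offline only
  }
  return new Set();
}

// Update handler: reject unknown clients, unauthorized users and
// any patch that touches a field outside the caller's allow-list.
function updateClient(userId, clientId, patch) {
  const client = clients.get(clientId);
  if (!client) return { ok: false, status: 404 };
  const allowed = allowedFields(userId, client);
  if (allowed.size === 0) return { ok: false, status: 403 };
  const denied = Object.keys(patch).filter((k) => !allowed.has(k));
  if (denied.length > 0) return { ok: false, status: 403, denied };
  Object.assign(client, patch);
  return { ok: true, status: 200 };
}
```

With this split, A can still toggle B's client online or offline after opening B's file, while changes to any other client field require being the client's owner.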