Details
-
Bug
-
Resolution: Timed out
-
Medium
-
2.6.0
-
Severity 2 - Major
-
Description
Some of our admin functions call code which performs permission checks. These permission checks don't do what we want, as we may be anonymous or logged in as a non-admin user, and so not have permission to perform actions.
For instance, you can't add application links to a project unless you are logged in. See screenshot.
We could fix this by adding 'isSuperuser' method to our Principal interface.