Tag groups page is available without authorization

(Alexander V ) #1

As guest you can open and see /tag_groups page with all staff buttons and controls, for example:
That’s only cosmetic bug, any changes there are not saved (“Forbidden” response from server), and no private information also - so it’s public bug report.

(Sam Saffron) #2

Agree, this is pretty confusing to anonymous.

@neil perhaps we should just restrict the route to staff? Can anyone else mess with tag groups?

(Neil Lalonde) #4

Agreed there’s no point showing those pages to non-staff users. I restricted them to staff.

(Tobias Eigen) #5

Whoa - that is freaky. Is it going to be restricted on all sites now, @neil, or do I have to do something to restrict access on my site?

(Neil Lalonde) #6

It will be restricted for all sites.

(Neil Lalonde) #7

This topic was automatically closed after 6 hours. New replies are no longer allowed.