Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Details row endpoints/URL lacks access control #5395

Closed
karandatwani92 opened this issue Dec 3, 2023 · 2 comments · Fixed by #5397
Closed

[Bug] Details row endpoints/URL lacks access control #5395

karandatwani92 opened this issue Dec 3, 2023 · 2 comments · Fixed by #5397
Labels
Bug enhancement

Comments

@karandatwani92
Copy link
Contributor

A user reported this here Laravel-Backpack/community-forum#774

Details row endpoints/URL lacks access control.

https://backpackforlaravel.com/docs/6.x/crud-api#details-row

I tested the following, No API is available to disable them. Endpoints (URL) are always open!🚨

$this->crud->disableDetailsRow(); // hides it from UI only

// I doubt the following are working.
$this->crud->allowAccess('details_row');
$this->crud->denyAccess('details_row');
@pxpm pxpm mentioned this issue Dec 6, 2023
Merged
@pxpm
Copy link
Contributor

pxpm commented Dec 6, 2023

Thanks for bringing this to my attention @karandatwani92

I've just submitted the PR #5397 that addresses this.

Cheers

@pxpm pxpm linked a pull request Dec 6, 2023 that will close this issue
Make setup of details row routes optional #5397
Merged
@pxpm pxpm removed their assignment Dec 6, 2023
@pxpm pxpm moved this to Ready to Merge in Backpack v6.x (July 2023-Feb 2024) Dec 6, 2023
@pxpm pxpm moved this to Ready to Merge in This week Dec 6, 2023
@pxpm pxpm closed this as completed in #5397 Dec 7, 2023
@github-project-automation github-project-automation bot moved this from Ready to Merge to Done in This week Dec 7, 2023
@github-project-automation github-project-automation bot moved this from Ready to Merge to Done in Backpack v6.x (July 2023-Feb 2024) Dec 7, 2023
@pxpm
Copy link
Contributor

pxpm commented Dec 7, 2023

Updated docs for details row here: https://backpackforlaravel.com/docs/6.x/crud-operation-list-entries#details-row-1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug enhancement
Projects
Backpack v6.x (July 2023-Feb 2024)
Status: Done
This week
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make setup of details row routes optional Laravel-Backpack/CRUD
2 participants
@pxpm @karandatwani92