Skip to content

Protect org CRUD endpoints with multi-organization experiment #13969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Emyrk opened this issue Jul 22, 2024 · 1 comment · Fixed by #14001
Closed

Protect org CRUD endpoints with multi-organization experiment #13969

Emyrk opened this issue Jul 22, 2024 · 1 comment · Fixed by #14001
Assignees
@Emyrk
Labels
security Area: security

Comments

@Emyrk
Copy link
Member

Emyrk commented Jul 22, 2024

Many of the existing organization endpoints existed before the experiment existed. Because of that, the endpoints are not protected and can be used by any AGPL endpoint.
@coder-labeler coder-labeler bot added bug security Area: security labels Jul 22, 2024
@Emyrk Emyrk self-assigned this Jul 22, 2024
@Emyrk
Copy link
Member Author

Emyrk commented Jul 30, 2024

Closed here: #14001

@Emyrk Emyrk closed this as completed Jul 30, 2024
@Emyrk Emyrk mentioned this issue Jul 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Emyrk Emyrk

Labels
security Area: security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: protect organization endpoints with license coder/coder
1 participant
@Emyrk