Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add controller-level enforcement as well. #2

Open
andrewculver opened this issue Dec 14, 2022 · 1 comment · May be fixed by #11
Open

Add controller-level enforcement as well. #2

andrewculver opened this issue Dec 14, 2022 · 1 comment · May be fixed by #11
Assignees
@jwright
Labels
enhancement New feature or request

Comments

@andrewculver
Copy link
Contributor

Right now it looks like all our enforcement is only in the view. We should add controller-level enforcement to ensure the API also restricts resource creation as needed.
@seattlecyclist
Copy link

I was thinking this exact same thing.

Its not just the API controllers, its all controllers. We would not want to just trust that the UI is disabled, we would want to verify that the POST actions are blocked too if the limits are violated. IE: do not trust user provided parameters.

@jwright jwright self-assigned this Jan 24, 2023
@jwright jwright added the enhancement New feature or request label Jan 24, 2023
This was referenced Jan 24, 2023
Open
Merged
@jwright jwright reopened this Jan 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jwright jwright

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Controller Support bullet-train-pro/bullet_train-billing-usage
3 participants
@jwright @andrewculver @seattlecyclist