Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A user with "write" permission can delete a case using API #773

Closed
To-om opened this issue Oct 23, 2018 · 0 comments
Closed

A user with "write" permission can delete a case using API #773

To-om opened this issue Oct 23, 2018 · 0 comments
Assignees
@To-om
Labels
bug
Milestone
3.2.0-RC1

Comments

@To-om
Copy link
Contributor

To-om commented Oct 23, 2018

Request Type

Bug

Work Environment

TheHive <= 3.1.2

Problem Description

Using the UI, an user requires "admin" right to delete a case.Using the API, only "write" permission is enough.
This is inconsistent.

Possible Solutions

The back-end should refuse to delete a case if the user is not admin.
@To-om To-om added the bug label Oct 23, 2018
@To-om To-om added this to the 3.1.3 milestone Oct 23, 2018
@To-om To-om self-assigned this Oct 23, 2018
@nadouani nadouani changed the title A user with "right" permission can delete a case using API A user with "write" permission can delete a case using API Oct 24, 2018
To-om added a commit that referenced this issue Nov 5, 2018
@To-om
#773 Deleting a case requires admin rights
866c154
@To-om To-om closed this as completed Nov 5, 2018
@To-om To-om modified the milestones: 3.1.3, 3.2.0 (Cerana 2) Nov 15, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
bug
Projects
None yet
Milestone
3.2.0-RC1
Development

No branches or pull requests
1 participant
@To-om