-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't allow non repo members into admin #323
Comments
Ultimately, the interface is only showing information that is publicly available in the |
GitHub Permission Checking APIs: https://developer.github.com/v3/repos/collaborators/ |
I was just coming to ask about this. Actually found out by mistake as a collaborator hadn't joined properly. So he was seeing API errors and I was off down a rabbit hole till I saw this. |
It's a priority for sure. I don't expect it would be a very heavy lift if anyone wants to take a crack at it. |
Not very familiar with React -- would you put this in AuthenticationPage.js or API.js? |
Does the same issue apply to the If it's just GitHub, I think the best place to put it would be in |
Good point @josephearl, my only thought was that since we may add GitLab support eventually, we might want to keep the implementations separated. |
Yes, the same fix might need to be applied twice. The |
Need design for denied screen; when a user tries to access/login but they do not have push access to the repo |
Would it make sense to also add some kind of .htaccess or or other permissions solution to deny the general public access to the config.yml file? I'm gonna try and figure out an implementation for both of these asap as I'd like to make sure this is all taken care of before I deploy anything to production. |
…prise (#491) * Prevent unauthorized CMS access and enable use of GitHub Enterprise
Unless anyone has any issues, I'm going to close this. |
- Do you want to request a feature or report a bug?
- What is the current behaviour?
- If the current behaviour is a bug, please provide the steps to reproduce.
- What is the expected behaviour?
- Please mention your node.js, and operating system version.
The text was updated successfully, but these errors were encountered: