Skip to content

[IMPROVE][Security] Admin info page requires permission view-statistics#18408

Merged
ggazzo merged 4 commits intodevelopfrom
info-page-permission
Aug 6, 2020
Merged

[IMPROVE][Security] Admin info page requires permission view-statistics#18408
ggazzo merged 4 commits intodevelopfrom
info-page-permission

Conversation

@MartinSchoeler
Copy link
Copy Markdown
Member

@MartinSchoeler MartinSchoeler commented Jul 28, 2020
edited by ggazzo
Loading

closes #18014

Proposed changes

Users now require the view-statistics permission to be access the admin/info page

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • Improvement (non-breaking change which improves a current function)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Hotfix (a major bugfix that has to be merged asap)
  • Documentation Update (if none of the other choices apply)

Checklist

  • I have read the CONTRIBUTING doc
  • I have signed the CLA
  • Lint and unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works (if applicable)
  • I have added necessary documentation (if applicable)
  • Any dependent changes have been merged and published in downstream modules

Changelog

Users now require the view-statistics permission to be access the admin/info page

Further comments

@MartinSchoeler MartinSchoeler added this to the 3.6.0 milestone Jul 28, 2020
@MartinSchoeler MartinSchoeler requested a review from a team July 28, 2020 18:32
@ggazzo ggazzo merged commit 060a1de into develop Aug 6, 2020
@ggazzo ggazzo deleted the info-page-permission branch August 6, 2020 20:34
gabriellsh added a commit that referenced this pull request Aug 10, 2020
@gabriellsh
Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into ref/…
4013527 
…omni

* 'develop' of github.com:RocketChat/Rocket.Chat:
  [NEW] Add REST API endpoint to search Livechat visitors (#18514)
  LingoHub based on develop (#18516)
  Update README.md (#18503)
  [NEW] Channel avatar (#18443)
  [FIX] Sending notifications from senders without a name (#18479)
  [FIX] UserCard avatar cache (avatarETag) (#18466)
  [IMPROVE] Admin Info page requires permission (#18408)
  [FIX] Marking room as read with unread threads still (#18410)
  [FIX] Random generated password not matching the Password Policy (#18475)
  Typo in privacy agreement message (#18476)
  bugfix for uploading files from livechat (#18474)
  LingoHub based on develop (#18465)
  [NEW] Add the ability to set the character message limit on Livechat widget (#18261)
  [FIX] Migration 194 (#18457)
  [FIX] Omnichannel session monitor is not starting (#18412)
  [FIX] Invalid MIME type when uploading audio files (#18426)
  [FIX] Error when updating omnichannel department without agents parameter (#18428)
  [FIX] Omnichannel Take Inquiry endpoint checking wrong permission (#18446)
  [FIX] Multiple push notifications sent via native drivers (#18442)
  [FIX] Appending 'false' to Jitsi URL (#18430)
@rodrigok rodrigok changed the title [IMPROVE] Info page requires permission [IMPROVE][Security] Admin info page requires permission view-statistics Aug 24, 2020
@sampaiodiego sampaiodiego mentioned this pull request Aug 29, 2020
Merged
@phriedrich phriedrich mentioned this pull request Sep 9, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ggazzo ggazzo ggazzo approved these changes

Assignees

No one assigned

Labels

feat: roles / permissions

Projects

None yet

Milestone

3.6.0

Development

Successfully merging this pull request may close these issues.

non admin users can access admin panel by type directly url for see server info

2 participants

@MartinSchoeler @ggazzo