In this route, if a caller provides multiple attributes in the request body, only one will be updated. However, in the case where the admin attribute is set to true in the request body, this will be added to the AuthCache whether or not the admin attribute is the one updated in the database. This leads to the scenario where a user does not have admin privilege in the database, but they do in the cache.
ewee33 changed the title from "Stop admin privileges from being cached in POST /orgs/{orgid}/users/{username} when they are not added to the DB" to "Stop admin privileges from being cached in PATCH /orgs/{orgid}/users/{username} when they are not added to the DB" on Jun 27, 2022
ewee33 added a commit to ewee33/exchange-api that referenced this issue on Jun 27, 2022
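The cache/database mismatch described in this issue, as an added example that is not the exchange-api project's code: a small Python model of the buggy handler beside one that derives the cached flag from the stored row, plus a drift check. The dict-based store and cache, the function names, the sample user and the attribute precedence are assumptions.

```python
# Constructed model: dicts stand in for the users table and the AuthCache.
# Assumption: when several attributes are sent, the first match in this order wins.
ATTRIBUTE_ORDER = ("password", "admin", "email")

def select_update(body):
    """Return the single (attribute, value) pair the route will persist."""
    for name in ATTRIBUTE_ORDER:
        if name in body:
            return name, body[name]
    raise ValueError("request body has no updatable attribute")

def patch_user_buggy(db, auth_cache, username, body):
    name, value = select_update(body)
    db[username][name] = value
    # Bug: the cache follows the request body instead of the write that happened.
    if body.get("admin") is True:
        auth_cache[username] = True

def patch_user_fixed(db, auth_cache, username, body):
    name, value = select_update(body)
    db[username][name] = value
    # The cached privilege is read back from the persisted row.
    auth_cache[username] = db[username]["admin"]

def cache_drift(db, auth_cache):
    """Audit check: users whose cached admin flag disagrees with the database."""
    return sorted(u for u, cached in auth_cache.items()
                  if cached != db.get(u, {}).get("admin", False))

def run(handler):
    """Apply one multi-attribute PATCH body to a fresh non-admin user."""
    db = {"org1/alice": {"password": "old-hash", "admin": False,
                         "email": "a@example.com"}}
    auth_cache = {"org1/alice": False}
    handler(db, auth_cache, "org1/alice", {"password": "new-hash", "admin": True})
    return db["org1/alice"]["admin"], auth_cache["org1/alice"], cache_drift(db, auth_cache)

if __name__ == "__main__":
    print("buggy:", run(patch_user_buggy))
    print("fixed:", run(patch_user_fixed))
```

The `cache_drift` check can also be run periodically against a live cache to flag entries that grant more than the database does.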