search

BayviewComputerClub / smoothie-web

Bayview Computer Club's Online Judge!
https://smoothie.bayview.club
GNU Affero General Public License v3.0
4 stars 0 forks source link

[BUG] Admin pages have no auth #6

Closed Raymo111 closed 4 years ago

Raymo111 commented 4 years ago

Describe the bug

Admin pages have no auth required. As long as you go to /admin, even without logging in you can access everything.

To Reproduce

  1. Logout
  2. Go to /admin
  3. You can access everything.

Expected behavior

/admin should 403 and deny access.

Screenshots

image

Additional context

espidev commented 4 years ago

oops I accidentally disabled checking roles when I added the submission perm check

espidev commented 4 years ago

this seems to somehow be an issue on smoothie.bayview.club, but not when testing locally? not totally sure why yet

will have to check out later

espidev commented 4 years ago

fixed