Open dvstans opened 3 years ago
The acl/by_subject DB method allows any user to view ACL information for any other user. This should be restricted to only the authenticated user or admins.
The acl/by_subject DB method allows any user to view ACL information for any other user. This should be restricted to only the authenticated user or admins.