Currently, there is no authorization check when /export of a data model is requested. This is potentially dangerous because an export is quite demanding on computing time, i.e. the server might be streaming data for several minutes or up to hours.
Introduce read-export as a new permission (action) and check whether the current user is authorized to read-export on the requested data model.
Expected work-time: 1h
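A sketch of the proposed check, added here as an example and not taken from the project's code: the handler authorizes `read-export` on the requested data model before the stream is created, and denies by default. `User`, `is_authorized`, `stream_rows`, `export`, `Forbidden` and the grant layout are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Iterator

READ_EXPORT = "read-export"  # permission (action) name from the issue


class Forbidden(Exception):
    """User lacks the permission; a web layer would map this to HTTP 403."""


@dataclass
class User:  # hypothetical user record
    name: str
    # Hypothetical grant layout: data model name -> set of allowed actions.
    grants: dict = field(default_factory=dict)


def is_authorized(user: User, action: str, model: str) -> bool:
    # Deny by default: an unknown model or a missing action means no access.
    return action in user.grants.get(model, set())


def stream_rows(model: str, rows: list) -> Iterator[str]:
    # Stand-in for the expensive, long-running export stream.
    for row in rows:
        yield f"{model},{row}\n"


def export(user: User, model: str, rows: list) -> Iterator[str]:
    """Hypothetical /export handler: authorize first, then return the stream.

    This is a plain function, not a generator, so the check runs when the
    handler is called. A check placed inside the generator body would not
    run until the first chunk is pulled from the stream.
    """
    if not is_authorized(user, READ_EXPORT, model):
        raise Forbidden(f"{user.name} may not {READ_EXPORT} on {model}")
    return stream_rows(model, rows)


if __name__ == "__main__":
    # Constructed sample users: plain "read" does not imply "read-export".
    alice = User("alice", {"orders": {"read", "read-export"}})
    bob = User("bob", {"orders": {"read"}})
    print("".join(export(alice, "orders", [1, 2])), end="")
    try:
        export(bob, "orders", [1, 2])
    except Forbidden as exc:
        print("denied:", exc)
```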