Open lucalanca opened 5 years ago
Additional data: permissions logic added to the collection (via the CRUD code editor fields under the Permissions tab) is not respected when querying via cockpitql. This is a security concern, as potentially sensitive data could be exposed on the cockpitql endpoint.
@aheinze This seems pretty critical for production use
Current
It seems that the token parameter is always needed when getting data. Even if the requested data has public visibility.
Expected