The content view in the CMS is available without needing to be logged in

laflannery commented 1 year ago

Describe the defect

The /admin/content route in the CMS is accessible without having to be logged in

To Reproduce

Steps to reproduce the behavior:

Go to The CMS login page
Confirm you are not logged into the CMS
Go to https://prod.cms.va.gov/admin/content
Confirm you are seeing the content list view and you can also access Content Audit Tools

AC / Expected behavior

[ ] You should not be able to access the following views without logging in:
- [ ] Content /admin/content
- [ ] Content audit tools /admin/content/audit
  - [ ] Content Search /admin/content/audit/search
  - [ ] Tables /admin/content/audit/tables

Screenshots

Team

Please check the team(s) that will do this work.

[x] CMS Team
[ ] Public Websites
[ ] Facilities
[ ] User support

swirtSJW commented 1 year ago

TheACs on this are not quite right. Admin content and audits are supposed to not require login. There are people who run audits on the CMS who do not have an account.

WHat has gotten messed up is the menu structure.

laflannery commented 1 year ago

After discussing with PO - probably not an issue but Iceboxing to track

department-of-veterans-affairs / va.gov-cms