maxime-rainville closed 2 years ago
Not 100% sure if this is worth covering with unit tests ... I can add some if we think it is.
Just added some unit tests ... I also specifically tested that they would have failed with the old logic.
Merge on green
Just fixed the linting issue.
We considered treating this as a security issue but decided that the amount of sensitive information in an image does not warrant it.
In some contexts, the CMS will grant your session permission to view a file irrespective of whether you have access to view it. The specific thing we are trying to address here is being able to view a restricted image if it's added to a campaign.
Previous places where we addressed this included an option to allow automatic session grant via a config. I don't think we need to do this anymore since the AssetStore now automatically grants you access to view files.