silverstripe / silverstripe-assets

Silverstripe Assets component
BSD 3-Clause "New" or "Revised" License

BUG Don't auto grant session access when resampling images #477

Closed maxime-rainville closed 2 years ago

maxime-rainville commented 2 years ago

We considered treating this as a security issue but decided that the amount of sensitive information in an image does not warrant it.

In some contexts, the CMS will grant your session permission to view a file irrespective of whether you have access to view it. The specific thing we are trying to address here is being able to view a restricted image if it's added to a campaign.

Previous places where we addressed this included an option to allow automatic session grant via a config. I don't think we need to do this anymore since the AssetStore now automatically grants you access to view files.
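As an added illustration of the check the comment above is after, here is the pattern of resampling an image and granting session access to the variant only once the source file's own permissions have been checked. This is example code written for this page, not the project's change in this PR: the helper `resampleForCurrentMember` is hypothetical, and it assumes the public `File::canView()`, `ImageManipulation::ScaleWidth()` and `AssetStore::grant()` / `AssetStore::canView()` APIs of silverstripe-assets.

```php
<?php
// Added example, not silverstripe-assets project code.
// Assumes the public File/Image and AssetStore APIs named in the lead-in.

use SilverStripe\Assets\Image;
use SilverStripe\Assets\Storage\AssetContainer;
use SilverStripe\Assets\Storage\AssetStore;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Security\Security;

/**
 * Hypothetical helper: resample $image to $width for the current session.
 *
 * The unsafe pattern this guards against is "resample, then grant the session
 * access to the result unconditionally", which lets a restricted image (for
 * example one added to a campaign) be viewed by a session that may not view
 * the source file. Here the permission check on the source record runs first,
 * and the grant only happens if it passes.
 */
function resampleForCurrentMember(Image $image, int $width): ?AssetContainer
{
    $member = Security::getCurrentUser();

    // Authorisation on the source record decides everything that follows.
    // A variant of a restricted file is still that restricted file.
    if (!$image->canView($member)) {
        return null;
    }

    $variant = $image->ScaleWidth($width);
    if (!$variant) {
        return null;
    }

    // Protected files are served through the asset store's session grants.
    // Only grant here, after canView() above succeeded, and only if the
    // session does not already have access to this filename/hash pair.
    /** @var AssetStore $store */
    $store = Injector::inst()->get(AssetStore::class);
    $filename = $variant->getFilename();
    $hash = $variant->getHash();
    if (!$store->canView($filename, $hash)) {
        $store->grant($filename, $hash);
    }

    return $variant;
}
```

The point of the ordering is that the grant is a side effect on the session: once issued it outlives the call, so issuing it before the `canView()` check (or unconditionally) hands the restricted file to the session even if the caller later discards the variant.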

maxime-rainville commented 2 years ago

Not 100% sure if this is worth covering with unit tests ... I can add some if we think it is.

maxime-rainville commented 2 years ago

Just added some unit tests ... I also specifically tested that they would have failed with the old logic.

emteknetnz commented 2 years ago

Merge on green

emteknetnz commented 2 years ago

PHPCS issue https://app.travis-ci.com/github/silverstripe/silverstripe-assets/jobs/559881306#L1336

maxime-rainville commented 2 years ago

Just fixed the linting issue.