varvet--pundit/lib/generators
Kim Burgestrand 44cfa73d72 Require users to explicitly define Scope#resolve
Closes https://github.com/varvet/pundit/pull/711 (original issue and pull request)

> A01:2021-Broken Access Control is the category with the most serious web
> application security risk.
>
> Using scope.all in templates violates the principle of least privilege
> or deny by default, where access should only be granted for particular
> capabilities, roles, or users.
>
> This change improves the security of default templates
>
> Ref: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
— by @tagliala (github.com/tagliala)

Co-authored-by: Duncan Stuart <dgmstuart@gmail.com>
2022-02-11 12:52:24 +01:00
pundit Require users to explicitly define Scope#resolve 2022-02-11 12:52:24 +01:00
rspec Make generators comply with Rubocop 2019-08-21 17:23:00 +02:00
test_unit Make generators comply with Rubocop 2019-08-21 17:23:00 +02:00