mirror of
https://github.com/varvet/pundit.git
synced 2022-11-09 12:30:11 -05:00
Closes https://github.com/varvet/pundit/pull/711 (original issue and pull request)

> A01:2021-Broken Access Control is the category with the most serious web application security risk.
>
> Using scope.all in templates violates the principle of least privilege or deny by default, where access should only be granted for particular capabilities, roles, or users.
>
> This change improves the security of default templates
>
> Ref: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

by @tagliala (github.com/tagliala)

Co-authored-by: Duncan Stuart <dgmstuart@gmail.com>
| File |
|---|
| policies |
| authorization_spec.rb |
| generators_spec.rb |
| policy_finder_spec.rb |
| pundit_spec.rb |
| spec_helper.rb |