Skip to content

Add missing scope check for endpoints ending in /{ef_username}

An additional check needs to be made when querying GET /{ef_username} and DELETE /{ef_username}. Admin scope needs to be available for these. There also needs to be a check to ensure the username in the URL belongs to the user making the request if they aren't admin. Further small tweaks to the flow may need to be made.

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent