Complete remaining auth TODOs prior to appsec review
What does this MR do and why?
Add authorization checks and tests, resolve all auth TODOs
See Issue: Complete remaining auth TODOs prior to appsec r... (#403623 - closed)
Tasks
- add authorization checks to graphql endpoints and services
- add tests
- ensure all TODOs from Complete remaining auth TODOs prior to appsec r... (#403623 - closed) are addressed and removed
- do some basic exploratory testing to ensure the auth works as designed (e.g. try to access a workspace you don't own via the GraphQL API, and other basic exercises of all the policies we have defined)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #403623 (closed)
Edited by Jerry Seto