Make allowed? with no args return false

Diane Russelrequested to merge
dlrussel/update-allowed into main

Description

When no abilities are passed to allowed?(), it returns true. In theory this could lead to a security issue if accidentally called with no arguments.

So this MR just adds an early return so that if someone mistakenly calls allowed?() with no arguments, access is denied rather than granted.

Suggested version bump

  • Major (backwards incompatible changes)
  • Minor (backwards compatible changes)
  • Patch (API compatible changes)

Checklist

  • Tests have been added or updated to cover any changes in behavior
  • This does not change the API to consume this library, or a suggested version bump has been provided
  • Add git trailer Changelog: <category>
  • No new runtime dependencies have been introduced
Edited by Diane Russel

Merge request reports