Views with security concerns
The following views do not properly secure DataFile or DataSet access and could allow any logged in user to use them:
-
DataFileAnnotateView -
DataFileUpdateView -
DataFileDeleteView -
DataFileAnnotationJSONView -
DataFileMetadataJSONView -
DataSetInitDetailsView -
DataSetUpdateView -
DataSetDisplayFieldsUpdateView -
DataSetDeleteView
Note: take into account read_only datasets (writeable_by_profile)
Edited by Jonathan Séguin