Contributor

@pablosnt pablosnt commented Oct 20, 2025

Description

This fixes #13468

Add condition to run user_has_permission for risk acceptance entities based on the product associated with the engagement of the accepted findings.

Test results

Successfully made all the API requests that were affected by the bug.
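
An added illustration of the check described above, not code from this pull request or from the project: a simplified model in which `user_has_permission` resolves a risk acceptance to the product of its engagement and fails closed for types it does not handle. The `User.grants` mapping, the `product_for` helper, the exception class and the object shapes are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Product:
    name: str

@dataclass(frozen=True)
class Engagement:
    product: Product

@dataclass(frozen=True)
class Risk_Acceptance:
    # Hypothetical shape: the engagement that holds the accepted findings.
    engagement: Engagement

@dataclass
class User:
    name: str
    # Hypothetical membership model: product name -> set of granted permissions.
    grants: dict = field(default_factory=dict)

class NoAuthorizationImplementedError(Exception):
    """Raised when no authorization rule exists for an object's type."""

def product_for(obj):
    """Resolve the product that owns obj; unknown types fail closed."""
    if isinstance(obj, Product):
        return obj
    if isinstance(obj, Engagement):
        return obj.product
    if isinstance(obj, Risk_Acceptance):
        # The added condition: authorize through the engagement's product.
        return obj.engagement.product
    raise NoAuthorizationImplementedError(
        f"No authorization implemented for class {type(obj).__name__}")

def user_has_permission(user, obj, permission):
    """True only if the user holds the permission on the owning product."""
    product = product_for(obj)
    return permission in user.grants.get(product.name, set())

if __name__ == "__main__":
    # Constructed sample data.
    shop, billing = Product("shop"), Product("billing")
    alice = User("alice", {"shop": {"view"}})
    for prod in (shop, billing):
        ra = Risk_Acceptance(Engagement(prod))
        print(prod.name, user_has_permission(alice, ra, "view"))
```
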

@dryrunsecurity

DryRun Security

🔴 Risk threshold exceeded.

This pull request includes a sensitive edit to dojo/authorization/authorization.py that may affect guarded code paths; sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. Please review the change carefully to ensure no unauthorized or risky modification was introduced.

🔴 Configured Codepaths Edit in dojo/authorization/authorization.py
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

@valentijnscholten
Member

closed/reopened to get the test suite unstuck.

@valentijnscholten valentijnscholten linked an issue Oct 20, 2025 that may be closed by this pull request
3 tasks
@valentijnscholten valentijnscholten added this to the 2.51.3 milestone Oct 21, 2025
Development

Successfully merging this pull request may close these issues.

No authorization implemented for class Risk_Acceptance
