Skip to content

A user with "write" permission can delete a case using API #773

New issue
New issue
Closed
Closed
A user with "write" permission can delete a case using API#773
Assignees
To-om
Labels
bug
Milestone
 
3.2.0-RC1
@To-om

Description

@To-om
To-om
opened on Oct 23, 2018

Request Type

Bug

Work Environment

TheHive <= 3.1.2

Problem Description

Using the UI, an user requires "admin" right to delete a case.Using the API, only "write" permission is enough.
This is inconsistent.

Possible Solutions

The back-end should refuse to delete a case if the user is not admin.

Metadata

Metadata

Assignees

Labels

bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions