You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In servers.test.ts there are a bunch of tests demonstrating what a server can and cannot do, but it seems like those permissions are enforced by a combination of two things: (1) if a server isn't an admin (and it probably shouldn't ever be) then it can't add any links to the graph that are admin-only; and (2) there are checks in the Team public API that will throw if called by a server. But for example I think a server could add an 'ADD_DEVICE' link to the chain directly (without going through the public API).
As a side note we should probably enforce that a server can't ever be an admin.
The text was updated successfully, but these errors were encountered:
In servers.test.ts there are a bunch of tests demonstrating what a server can and cannot do, but it seems like those permissions are enforced by a combination of two things: (1) if a server isn't an admin (and it probably shouldn't ever be) then it can't add any links to the graph that are admin-only; and (2) there are checks in the
Teampublic API that will throw if called by a server. But for example I think a server could add an 'ADD_DEVICE' link to the chain directly (without going through the public API).As a side note we should probably enforce that a server can't ever be an admin.
The text was updated successfully, but these errors were encountered: