Content
View differences
Updated by Pavel Balashou over 2 years ago
### Steps to reproduce
1. Open one a page like `https://openproject.local/projects/demo-project/settings/project_storages/63/members`
2. If you are lucky like with `project_storage_id` you will see members list.
### What is the buggy behavior?
Pages with routes like `/projects/{:project_id or :project_name}/settings/project_storages/:project_storage_id/members` can be accessed without a user being logged in. session.
### What is the expected behavior?
Unauthorized user has no access to project storage members page.
1. Open
2. If you are lucky
### What is the buggy behavior?
Pages with routes like `/projects/{:project_id or :project_name}/settings/project_storages/:project_storage_id/members` can be accessed without a user being logged in.
### What is the expected behavior?
Unauthorized user has no access to project storage members page.