ubicloud/routes/project/github.rb
Enes Cakir a8d3ebc325 Do not allow to disrupt GitHub resources for other projects
We check authorization for all GitHub-related operations once with
`authorize("Project:github", @project.id)`.

After that, users can provide any resource ID from other projects to
update GitHub installation settings or delete a cache entry.

It's important that customers can only access their own resources.

The current bug allows updating GitHub installation settings or deleting
cache data, but it does not provide access to sensitive information.
2025-03-18 15:38:09 +03:00
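
The failure mode the commit message describes, as an added Ruby sketch that is not Ubicloud's code: a single project-level check followed by a global ID lookup, beside a lookup scoped to the authorized project. All names (`Installation`, `CacheEntry`, `authorize!`, the `scoped:` switch, the sample IDs) are hypothetical and the data is constructed.

```ruby
# Hypothetical in-memory model; not Ubicloud's schema or routes.
class Forbidden < StandardError; end
class NotFound < StandardError; end

Installation = Struct.new(:id, :project_id, :cache_enabled)
CacheEntry = Struct.new(:id, :project_id, :key)

# Constructed sample data: two projects, one resource of each kind per project.
def sample_db
  {
    installations: [Installation.new("inst-a", "proj-a", true),
                    Installation.new("inst-b", "proj-b", true)],
    cache_entries: [CacheEntry.new("cache-a", "proj-a", "deps"),
                    CacheEntry.new("cache-b", "proj-b", "deps")]
  }
end

# Stand-in for the one project-level check quoted in the commit message.
def authorize!(member_of, project_id)
  raise Forbidden unless member_of.include?(project_id)
end

# Before: the ID is resolved globally, so any project's resource matches.
def find_unscoped(db, kind, id)
  db.fetch(kind).find { |r| r.id == id } or raise NotFound
end

# After: the ID must belong to the project that was just authorized.
def find_scoped(db, kind, id, project_id)
  db.fetch(kind).find { |r| r.id == id && r.project_id == project_id } or raise NotFound
end

def delete_cache_entry(db, member_of, project_id, entry_id, scoped:)
  authorize!(member_of, project_id)
  entry = scoped ? find_scoped(db, :cache_entries, entry_id, project_id) : find_unscoped(db, :cache_entries, entry_id)
  db[:cache_entries].delete(entry)
  entry.id
end

def update_installation(db, member_of, project_id, inst_id, cache_enabled, scoped:)
  authorize!(member_of, project_id)
  inst = scoped ? find_scoped(db, :installations, inst_id, project_id) : find_unscoped(db, :installations, inst_id)
  inst.cache_enabled = cache_enabled
  inst
end
```

In the scoped form a foreign ID fails as `NotFound` rather than `Forbidden`, so the response does not confirm that the resource exists in another project.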
