Site admins cannot add access tokens for any user by default (!20988) · Merge requests · Administrator / sourcegraph

Administrator requested to merge core/CheckSiteAdminOrSameUser-audit into main May 14, 2021

Created by: ryanslade

By default, when any user can create access tokens, do not allow site admins to create tokens for other users. This would allow them to potentially use the access token to gain access to the user's private code.

Update usages of CheckSiteAdminOrSameUser and switch to CheckSameUser where it might expose private code.

Part of https://github.com/sourcegraph/sourcegraph/issues/20983

Site admins cannot add access tokens for any user by default

Merge request reports