[CLOUD-124] Only the authenticated user can read/write their settings on dotcom (!27063) · Merge requests · Administrator / sourcegraph

Administrator requested to merge jc/CLOUD-124-RW-user-settings into main Nov 04, 2021

Created by: unknwon

Previously, we only did frontend check for preventing accessing and/or updating user settings (the JSON blob) on Sourcegraph.com, but those endpoints are still accessible using GraphQL queries directly by site admins. This PR fixes this problem.

Part of CLOUD-124

[CLOUD-124] Only the authenticated user can read/write their settings on dotcom

Merge request reports