Add authorization on GET `project_import` endpoint
What does this MR do and why?
This issue follows up on previous work to add authorization to the `project_import_status` endpoint.
Previously, the `project_import_status` endpoint was publicly accessible to any user. This posed a security risk, as project import status reveals potentially sensitive information about projects.
To improve security, we have now placed the `project_import_status` endpoint behind authentication. Users must be signed in to access the endpoint and view associated project import status data.
This change limits availability of the endpoint to authorized users only. Implementing authentication helps mitigate the security risks of exposing project import status publicly.
Screenshots or screen recordings
N/A
How to set up and validate locally
- Check out the branch
- Create an account and invite it with a role below maintainer
- Try to create a new project by importing from the template
- Validate that everything works
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.