fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI
In 2ac3af69, the automatic authorization of XMLHttpRequests was removed for security reasons, however the controller actions need associating with specific permissions for non-admin users to use the UI.
This adds a test that will fail by default if new routes are added with no permission that grants access.
Related issues
Bug #2198: Unable to install new hosts with regular users
Added by Dominic Cleal over 11 years ago
fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI
In 2ac3af69, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.
This adds a test that will fail by default if new routes are added with no
permission that grants access.