Vulnerability in EPiServer.Forms
As of now our multisite uses one common Wastebasket where editors could potentially delete or restore content for another site with right permissions. We were wondering if there is any good solution on this problem?
I haven't tried this out much myself but based of what you have mentioned, what you could do is implement a content event as shown in this link https://world.optimizely.com/blogs/scott-reed/dates/2020/11/handling-content-events-with-the-waste-basket/ . From here then attempt to get the user and their related permissions to then detect if the content has been deleted or restored with the correct permissions.
Hope this helps you proceed in the right direction of trying to solve this issue
Thank u for ur answer. It definetly helps us in the right direction. Is it possible though to limit what the editors see in the waste basket? Or is that impossible as it works now?