http://sourceforge.net/rest/p/allura/ lists tools that are not public (e.g. private-tickets). This is a only minor security concern since we only expose the existence of such tools, the contents are already properly protected.
Created #320: [#5294] Need to do permission checks on project REST controller (1cp)
Closed #320. je/42cc_5294