[aur-dev][PATCH] Move permission for LIST_COMMENTS to dev/tu block
Eli Schwartz
eschwartz at archlinux.org
Sun Aug 18 16:47:15 UTC 2019
On 8/18/19 4:55 AM, Lars Rustand wrote:
> Will this still allow users to view their own comments? That is a very
> useful feature that I use often to not forget my conversations
No, but I can modify the patch to allow it.
Before I did anything, it was inadvertently discovered that not only can
users view anyone's comments, which doesn't seem to have been the
intended goal, users could also view anyone's *deleted* comments which
was entirely not wanted at all. :/
It should be simple to allow users to view the /comments page for their
own profile alone.
--
Eli Schwartz
Bug Wrangler and Trusted User
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20190818/5a5ece34/attachment.sig>
More information about the aur-dev
mailing list