[aur-dev][PATCH] Move permission for LIST_COMMENTS to dev/tu block

Eli Schwartz eschwartz at archlinux.org
Sun Aug 18 16:47:15 UTC 2019

On 8/18/19 4:55 AM, Lars Rustand wrote:
> Will this still allow users to view their own comments? That is a very
> useful feature that I use often to not forget my conversations

No, but I can modify the patch to allow it.

Before I did anything, it was inadvertently discovered that not only can
users view anyone's comments, which doesn't seem to have been the
intended goal, users could also view anyone's *deleted* comments which
was entirely not wanted at all. :/

It should be simple to allow users to view the /comments page for their
own profile alone.

Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20190818/5a5ece34/attachment.sig>

More information about the aur-dev mailing list