Security on actions and views for show-blogentry

Bug #337260 reported by Paul Everitt
Affects: KARL3
Status: Fix Released
Importance: Medium
Assigned to: Tres Seaver

Bug Description

From: http://carlos.agendaless.com/dko/policies/blog.html#edit-blog-entry

"Only the creator of the blog entry (or an administrator) can edit a blog entry. Other community members (including moderators) are not allowed to edit someone’s blog entry."

Thus, make sure the Edit and Delete actions don't appear except for the creator and make sure the edit and delete views are protected appropriately.
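
The requirement above has two halves: hiding the Edit and Delete actions, and protecting the edit and delete views themselves. The sketch below drives both from one policy check; it is an added illustration, not part of the original report and not KARL's code. The `User` and `BlogEntry` classes, the `admins` and `moderators` group names, and all function names are hypothetical.

```python
from dataclasses import dataclass

ADMINS = "admins"  # hypothetical group name, not KARL's own


class Forbidden(Exception):
    """Raised by a view when the caller may not modify the entry."""


@dataclass(frozen=True)
class User:
    userid: str
    groups: frozenset = frozenset()


@dataclass
class BlogEntry:
    creator: str
    title: str
    text: str


def can_modify(user, entry):
    # Quoted policy: only the creator or an administrator may edit.
    # Moderators get no special case, so they fall through to False.
    return user.userid == entry.creator or ADMINS in user.groups


def actions_for(user, entry):
    # Action links rendered on show-blogentry. Hiding them is presentation
    # only: the edit and delete URLs can still be requested directly.
    return ["Edit", "Delete"] if can_modify(user, entry) else []


def require_modify(user, entry):
    # Enforcement point shared by both views; runs before any state change.
    if not can_modify(user, entry):
        raise Forbidden(f"{user.userid} may not modify this blog entry")


def edit_blogentry_view(user, entry, title, text):
    require_modify(user, entry)
    entry.title, entry.text = title, text
    return entry


def delete_blogentry_view(user, blog, name):
    require_modify(user, blog[name])
    del blog[name]
```

Because the action list and the views call the same `can_modify`, the two cannot drift apart when the policy changes.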

Changed in karl3:
assignee: nobody → chrism-plope
importance: Undecided → Medium
milestone: none → m4
Paul Everitt (paul-agendaless) wrote :

Security was grinding the project to a halt; let's move this to M7.

Changed in karl3:
milestone: m4 → m7
Paul Everitt (paul-agendaless) wrote :

M9 is when we tackle security.

Changed in karl3:
assignee: chrism-plope → nobody
milestone: m7 → m9
Changed in karl3:
assignee: nobody → tseaver
Tres Seaver (tseaver) wrote :

Duplicate of #344434.

Changed in karl3:
status: New → Fix Committed
Changed in karl3:
status: Fix Committed → Fix Released