Security on actions and views for show-blogentry
Bug #337260 reported by
Paul Everitt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
Medium
|
Tres Seaver |
Bug Description
From: http://
"Only the creator of the blog entry (or an administrator) can edit a blog entry. Other community members (including moderators) are not allowed to edit someone’s blog entry."
Thus, make sure the Edit and Delete actions don't appear except for the creator and make sure the edit and delete views are protected appropriately.
Changed in karl3: | |
assignee: | nobody → chrism-plope |
importance: | Undecided → Medium |
milestone: | none → m4 |
Changed in karl3: | |
assignee: | nobody → tseaver |
Changed in karl3: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Security was grinding the project to a halt, let's move this to M7.