Closed ajrbyers closed 1 year ago
This one isn't serious as it appears an editor has shared a editor only preview galley link with a non-editor but we should handle it anyway.
This view https://github.com/BirkbeckCTP/typesetting/blob/efd2d189621534b3d491e192c2334faaa32eb6d1/views.py#L1283
is decorated by this security function https://github.com/BirkbeckCTP/typesetting/blob/8384d6702798470143909388859bdfd5c3aa4bb3/security.py#L48
If a non-editor user goes to the editor/staff URL they will get a 500 as there is no assignment_id present in kwargs, this should be handled as a permission error.
assignment_id
Sentry report: https://sentry.io/organizations/open-library-of-humanities/issues/3755315846/?project=160048&query=is%3Aunresolved&referrer=issue-stream
ajrbyers
commented
1 year ago
This one isn't serious as it appears an editor has shared a editor only preview galley link with a non-editor but we should handle it anyway.
This view https://github.com/BirkbeckCTP/typesetting/blob/efd2d189621534b3d491e192c2334faaa32eb6d1/views.py#L1283
is decorated by this security function https://github.com/BirkbeckCTP/typesetting/blob/8384d6702798470143909388859bdfd5c3aa4bb3/security.py#L48
If a non-editor user goes to the editor/staff URL they will get a 500 as there is no
assignment_idpresent in kwargs, this should be handled as a permission error.