search

ciudadanointeligente / write-it

App to create and send messages to public persons. It's a component of POPLUS project.
poplus.org
GNU General Public License v3.0
38 stars 23 forks source link

Add an instance config option for stricter anonymity #1201

Closed mhl closed 7 years ago

mhl commented 7 years ago

There is a view ('all-messages-from-the-same-author-as') which, given a message slug, allows you to list any other messages with the same author email address as the message with that slug. In situations where anonymity is important, this is undesirable - someone might send a sensitive message with a false name and an uncontroversial one with their real name, in which case this view would reveal that they're sent by the same person.

This commit introduces a new instance config option ('email_and_name_must_match') which means that the 'all-messages-from-the-same-author-as' view will only show messages that have the same author_email and author_name, to avoid this information leak.

Fixes mysociety/alpaca#35 Fixes ciudadanointeligente/write-it#1194

coveralls commented 7 years ago

Coverage Status

Coverage decreased (-69.2%) to 28.917% when pulling 96f3d919fc448359568db9da2d2c2307397a68c8 on stricter-anonymity-same-messages-as into 91d920138f47c0aeb8176d8897a8de18caa938c5 on alpaca.

coveralls commented 7 years ago

Coverage Status

Coverage increased (+0.006%) to 98.081% when pulling 96f3d919fc448359568db9da2d2c2307397a68c8 on stricter-anonymity-same-messages-as into 91d920138f47c0aeb8176d8897a8de18caa938c5 on alpaca.

struan commented 7 years ago

This looks good to me.