Closed davidheyman closed 3 years ago
buccalon
commented
3 years ago @davidheyman I created a user without admin privileges and managed to open a narrative from another user through the editor. Any changes that I do to this narrative are not saved, and I also don't have access to the admin panel. Regarding the gallery, this PR fixes #61.
codeclimate[bot]
commented
3 years ago Code Climate has analyzed commit 9ee148be and detected 6 issues on this pull request.
Here's the issue category breakdown:
| Category | Count |
|---|---|
| Duplication | 6 |
The test coverage on the diff in this pull request is 22.2% (50% is the threshold).
This pull request will bring the total coverage in the repository to 58.9% (-1.3% change).
View more on Code Climate.
davidheyman
commented
3 years ago @buccalon That's great. I added another layer to check auth before displaying the page on top of the database checks so this should be fixed when you check again.
The unique IDs function the same as on Google Docs when you generate a URL to share with "anyone who has the URL" in that they allow anyone to read the data but the unique IDs are impossible to guess.
Rewrote permissions to use multiple queries to determine authorized user.