minetest / contentdb

A content database for Minetest mods, games, and more
https://content.minetest.net
GNU Affero General Public License v3.0

Own comments are not accessible #428

Closed Niklp09 closed 1 year ago

Niklp09 commented 1 year ago

Own comments are not accessible

Steps to reproduce

Log in and try to open your comments. Results in a forbidden resource (403).

rollerozxa commented 1 year ago

If I remember correctly, the user comments page was made inaccessible to non-staff since it would leak private comments. But it should still be possible to see your own comments again since it's assumed you would have access to all of them anyways.

The real fix would obviously be checking on the page, for each comment, whether the user can read the comment (is it private? if so, does user have ability to read it? (participating, or staff)), though.

rubenwardy commented 1 year ago

Yeah, I locked access to the comments as there was a security problem. I could re-add access to just your own comments, but the ideal solution would require checking per-comment whether the viewer has access.
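
The per-comment check discussed in this thread, sketched as an added example (not ContentDB's code). The `User`, `Thread` and `Comment` classes, the `participants` set and the sample data are hypothetical stand-ins for the real models.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    name: str
    is_staff: bool = False


@dataclass
class Thread:
    title: str
    private: bool = False
    participants: set = field(default_factory=set)  # usernames allowed in a private thread


@dataclass
class Comment:
    author: str
    thread: Thread
    text: str


def can_read(viewer: Optional[User], comment: Comment) -> bool:
    """Decide visibility per comment instead of locking the whole page."""
    thread = comment.thread
    if not thread.private:
        return True                      # public threads are readable by anyone
    if viewer is None:
        return False                     # anonymous viewers never see private threads
    return viewer.is_staff or viewer.name in thread.participants


def visible_comments_by(author: str, viewer: Optional[User], comments: list) -> list:
    """Comments written by `author` that `viewer` is allowed to read."""
    return [c for c in comments if c.author == author and can_read(viewer, c)]


# Constructed sample data: one public thread, one private approval thread.
PUBLIC = Thread("Crash on load")
PRIVATE = Thread("Package approval", private=True, participants={"alice", "editor"})
COMMENTS = [
    Comment("alice", PUBLIC, "Reproduced on 5.7"),
    Comment("alice", PRIVATE, "Fixed the license file"),
    Comment("editor", PRIVATE, "Approved"),
]
```

With a filter like this, a user's own comments page returns everything they wrote, while other viewers only get the subset from threads they can read.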