nim-lang / nimforum

Lightweight alternative to Discourse written in Nim
https://forum.nim-lang.org/
MIT License

Users can lower their rank #256

Open gabbhack opened 4 years ago

gabbhack commented 4 years ago

The ability to change your rating is limited only on the frontend side, but this restriction also works incorrectly.

GIF ![GuHNqeBJgP](https://user-images.githubusercontent.com/43146729/89900849-cbae4680-dbd3-11ea-910f-04e30dd5d312.gif)

Add a server-side check here.

Do something with the frontend.

My main account was banned due to this error. I wanted to change my email, I was assigned the rank "EmailUnconfirmed", but I got the message "You can modify anyone's rank...". I tried to assign "Spammer" rank to myself and I succeeded (unfortunately).

I think this is because currentUser.get().rank has changed (to EmailUnconfirmed), and state.profile.user.rank has remained the same (Moderated). EmailUnconfirmed > Moderated, so the frontend "allowed" me to change my rank.
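
One way to enforce the rank check on the server, as an added example that is not part of the original issue and not nimforum's own code. The `Rank` ordering beyond EmailUnconfirmed > Moderated, the `Account` type, the in-memory `accounts` list, the proc names and the policy itself (only Moderator and above may change ranks, and never their own) are assumptions.

```nim
import std/options

type
  # Constructed ordering: the issue only states EmailUnconfirmed > Moderated;
  # every other position here is an assumption.
  Rank {.pure.} = enum
    Spammer, Moderated, EmailUnconfirmed, User, Moderator, Admin

  Account = object
    name: string
    rank: Rank

# Hypothetical stand-in for the users table (constructed sample data).
let accounts = @[
  Account(name: "alice", rank: Rank.EmailUnconfirmed),
  Account(name: "bob", rank: Rank.User),
  Account(name: "mod", rank: Rank.Moderator)]

proc lookup(name: string): Option[Account] =
  ## Result defaults to none(Account) when no row matches.
  for a in accounts:
    if a.name == name: return some(a)

proc mayChangeRank(sessionUser, targetUser: string, newRank: Rank): bool =
  ## Ranks are read from server-side storage on every request; nothing the
  ## client displays or sends about the actor's rank is consulted.
  let actor = lookup(sessionUser)
  let target = lookup(targetUser)
  if actor.isNone or target.isNone: return false
  let (a, t) = (actor.get, target.get)
  if a.rank < Rank.Moderator: return false        # assumed policy: staff only
  if a.name == t.name: return false               # assumed policy: no self-edits
  if a.rank == Rank.Admin: return true
  # Non-admins may only act on, and assign, ranks strictly below their own.
  result = t.rank < a.rank and newRank < a.rank

when isMainModule:
  # The report's scenario: an EmailUnconfirmed user sets their own rank.
  doAssert not mayChangeRank("alice", "alice", Rank.Spammer)
  doAssert not mayChangeRank("bob", "alice", Rank.Spammer)
  doAssert mayChangeRank("mod", "alice", Rank.Moderated)
  doAssert not mayChangeRank("mod", "bob", Rank.Admin)
  doAssert not mayChangeRank("mod", "ghost", Rank.User)
  echo "all rank-change checks passed"
```

Because the actor's rank is looked up per request, a stale rank held in frontend state cannot widen what the server permits.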

dom96 commented 4 years ago

hah, you banned yourself? :)

I unbanned you.