Differential D20684

Fix policy behavior of "slowvote.info" API method
ClosedPublic
Actions

Authored by epriestley on Jul 30 2019, 6:53 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Dec 27, 7:42 AM

	Unknown Object (File)
	Mon, Dec 16, 10:06 PM

	Unknown Object (File)
	Fri, Dec 13, 5:57 AM

	Unknown Object (File)
	Wed, Dec 11, 5:35 PM

	Unknown Object (File)
	Wed, Dec 11, 7:23 AM

	Unknown Object (File)
	Thu, Dec 5, 1:03 PM

	Unknown Object (File)
	Nov 30 2024, 6:40 AM

	Unknown Object (File)
	Nov 19 2024, 2:54 AM

Subscribers

None

Details

Reviewers: None
Maniphest Tasks: T13350: Ancient "slowvote.info" API method bypasses policy checks
Commits: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method

Summary

Ref T13350. This ancient API method is missing modern policy checks.

Test Plan

Set visibility of vote X to "Only: epriestley".
Called "slowvote.info" as another user.
Before: retrieved poll title and author.
After: policy error.
Called "slowvote.info" on a visible poll, got information before and after.

Diff Detail

Repository

Branch

vote1x

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 23195
Build 31860: Run Core Tests
Build 31859: arc lint + arc unit

Event Timeline

epriestley created this revision.Jul 30 2019, 6:53 PM

Harbormaster completed remote builds in B23195: Diff 49331.Jul 30 2019, 6:55 PM

This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2019, 6:55 PM

epriestley requested review of this revision.

Closed by commit rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

epriestley added a commit: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method.

Revision Contents
Changeset List

Path

Size

src/

applications/

slowvote/

conduit/

SlowvoteInfoConduitAPIMethod.php

8 lines

Diff 49331

src/applications/slowvote/conduit/SlowvoteInfoConduitAPIMethod.php

Loading...