Differential D20684

Fix policy behavior of "slowvote.info" API method
ClosedPublic
Actions

Authored by epriestley on Jul 30 2019, 6:53 PM.

Tags

None

Referenced Files

	F13186998: D20684.diff
	Sat, May 11, 4:16 AM

	Unknown Object (File)
	Tue, May 7, 7:21 AM

	Unknown Object (File)
	Fri, May 3, 5:58 AM

	Unknown Object (File)
	Thu, May 2, 3:30 AM

	Unknown Object (File)
	Sun, Apr 28, 9:15 AM

	Unknown Object (File)
	Sun, Apr 28, 5:23 AM

	Unknown Object (File)
	Sat, Apr 27, 3:54 PM

	Unknown Object (File)
	Fri, Apr 26, 12:47 AM

Subscribers

None

Details

Reviewers: None
Maniphest Tasks: T13350: Ancient "slowvote.info" API method bypasses policy checks
Commits: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method

Summary

Ref T13350. This ancient API method is missing modern policy checks.

Test Plan

Set visibility of vote X to "Only: epriestley".
Called "slowvote.info" as another user.
Before: retrieved poll title and author.
After: policy error.
Called "slowvote.info" on a visible poll, got information before and after.

Diff Detail

Repository

Branch

vote1x

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 23195
Build 31860: Run Core Tests
Build 31859: arc lint + arc unit

Event Timeline

epriestley created this revision.Jul 30 2019, 6:53 PM

Harbormaster completed remote builds in B23195: Diff 49331.Jul 30 2019, 6:55 PM

This revision was not accepted when it landed; it landed in state Needs Review.Jul 30 2019, 6:55 PM

epriestley requested review of this revision.

Closed by commit rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

epriestley added a commit: rP7e09da3313fb: Fix policy behavior of "slowvote.info" API method.

Revision Contents
Changeset List

Path

Size

src/

applications/

slowvote/

conduit/

SlowvoteInfoConduitAPIMethod.php

8 lines

Diff 49331

src/applications/slowvote/conduit/SlowvoteInfoConduitAPIMethod.php

Loading...