annotate docs/changelog.rst @ 5875:abc1ada59076
notifications: untangle notification access check
This removes a broken permission check when viewing notifications (the
HasRepoPermissionAny object was created, but never actually called with
a repo_name argument as required). It would be non-trivial to actually
implement the check, as notifications don't track their repository
relationship explicitly, and even then, it's unclear why it would
make sense to allow a repository admin to see notifications to
other users.
It was never a vulnerability, due to a subsequent (and much stricter)
ownership check, which remains but has been untangled for readability.
In short, this changeset is a pure refactoring, except that specifying
a non-existent notification ID will now produce error 404, not 403.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 19 Apr 2016 18:03:30 +0200 |
parents | fbbe80e3322b |
children |
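
The failure mode the commit message describes, a permission-check object that is created but never called, modeled as an added example (not Kallithea's code and not part of this changeset). All class and function names, the sample data, and the 403 for a non-recipient are assumptions made for illustration.

```python
# Added illustration: all names are hypothetical stand-ins, not Kallithea's code.

class RepoPermissionCheck:
    """Callable check: only calling it with a repo_name yields a real answer."""
    def __init__(self, *required):
        self.required = set(required)

    def __call__(self, user_perms, repo_name):
        return bool(self.required & user_perms.get(repo_name, set()))

class NotFound(Exception):
    status = 404

class Forbidden(Exception):
    status = 403

# Constructed sample data: notification id -> ids of the users it was sent to.
NOTIFICATIONS = {1: {10}, 2: {20}}

def show_tangled(user_id, notification_id):
    """'Before' shape: the check object is created but never called."""
    recipients = NOTIFICATIONS.get(notification_id)
    owner = recipients is not None and user_id in recipients
    # An instance is always truthy, so this branch only tests existence.
    if recipients is not None and (RepoPermissionCheck("repository.admin") or owner):
        # The later, stricter ownership check is what really gates access.
        if user_id in recipients:
            return notification_id
    raise Forbidden()

def show_untangled(user_id, notification_id):
    """'After' shape: unknown id -> 404, not a recipient -> 403."""
    recipients = NOTIFICATIONS.get(notification_id)
    if recipients is None:
        raise NotFound()
    if user_id not in recipients:
        raise Forbidden()
    return notification_id

def status_of(view, user_id, notification_id):
    """Return the HTTP-style status a view would produce (200 on success)."""
    try:
        view(user_id, notification_id)
        return 200
    except (NotFound, Forbidden) as exc:
        return exc.status
```

Both shapes give the same answer for every existing notification; only the unknown ID differs, which is why the uncalled check was dead weight rather than a bypass.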
rev | line source |
---|---|
585 | 1 .. _changelog: |
 | 2 |
2095 | 3 ========= |
585 | 4 Changelog |
 | 5 ========= |
 | 6 |
5425 | 7 Kallithea project doesn't keep its changelog here. We refer you to our `Mercurial logs`__. |
2041 | 8 |
5433 | 9 |
5425 | 10 .. __: https://kallithea-scm.org/repos/kallithea/changelog |