Skip to content
This repository has been archived by the owner on Jan 8, 2019. It is now read-only.

Reader users can see other users preferences #1064

Closed
edmundoa opened this issue Jan 22, 2015 · 2 comments
Closed

Reader users can see other users preferences #1064

edmundoa opened this issue Jan 22, 2015 · 2 comments
Assignees
Milestone

Comments

@edmundoa
Copy link
Contributor

Knowing the URL, reader users can reach other users edit form. They can't edit any information, but they can still read it.

@edmundoa edmundoa self-assigned this Jan 22, 2015
@edmundoa edmundoa added this to the 1.0.0 milestone Jan 22, 2015
@edmundoa edmundoa changed the title Reader users should not be able to see other users preferences Reader users can see other users preferences Jan 22, 2015
@edmundoa
Copy link
Contributor Author

Same goes for the show users page. Knowing the URL, it is possible for a reader user to see other user's information.

@edmundoa edmundoa reopened this Jan 26, 2015
@edmundoa
Copy link
Contributor Author

After further consideration, I think being able to see other user's profiles from alert callbacks and other places is a good idea, so I'm closing this issue.

I spotted some issues with user authorisation in other actions, so I created #1088 to fix them.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant