Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Silenced users posts still show up when accessed directly #374

Closed
mrvdb opened this issue Aug 26, 2020 · 2 comments
Closed

Silenced users posts still show up when accessed directly #374

mrvdb opened this issue Aug 26, 2020 · 2 comments
Assignees
Milestone

Comments

@mrvdb
Copy link
Collaborator

@mrvdb mrvdb commented Aug 26, 2020

The list of posts is correctly blocked, but individual posts are accessible it seems.

This is a partial screenshot of anonymous access to the url of the post. At the very least, the message is wrong.

20200826_1258

I haven't tested extensively with all silenced accounts. The 'user account URI' itself is properly not giving any content. (list of posts)

Expected behaviour:

  • all users, including anonymous are not able to see any posts of a silenced user
  • optionally, make an exception for the admin user, so the post content can be reviewed
@thebaer
Copy link
Contributor

@thebaer thebaer commented Aug 27, 2020

Agreed, on this page we should check the currently authenticated user, and:

  • If not logged in, return 404, just like on the silenced user's blog
  • If logged in as user and user.ID != post.OwnerID, return 404
  • If logged in as user and !user.IsAdmin(), return 404

Anyone should feel free to claim this task and open a pull request for a fix!

@colin-axner
Copy link
Contributor

@colin-axner colin-axner commented Sep 16, 2020

hello! I'd like to try to tackle this issue

@colin-axner colin-axner mentioned this issue Sep 17, 2020
1 of 1 task complete
@thebaer thebaer closed this in #384 Apr 7, 2021
@thebaer thebaer added this to the 0.13 milestone Apr 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants