hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-23 10:16:32 -05:00

History

Dexter Chua 87be26c57e Fix default permission The code intends to check if the note is anonymous by checking if it has an owner. If it is anonymous, the default permission must be `freely`. However, at this point in the code, `owner` is never populated; only `ownerId` is. The property `owner` is automatically filled in after the Note is created, but this call happens before that. Thus, the default note permission is always `freely`, regardless of the `defaultPermission` setting. By checking `ownerId` instead of `owner`, the anonymity and hence default permission is correctly determined, This is especially an issue when `allowAnonymous` is `false`, since this would allow the user to create a note with `freely` permission when it should not be allowed. Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>	2020-06-20 20:37:05 +08:00
..
lib	Fix default permission	2020-06-20 20:37:05 +08:00
test	ESLint fixes for tests 🚨	2020-05-22 21:48:15 +02:00

Dexter Chua 87be26c57e Fix default permission

The code intends to check if the note is anonymous by checking if it has
an owner. If it is anonymous, the default permission must be `freely`.
However, at this point in the code, `owner` is never populated; only
`ownerId` is. The property `owner` is automatically filled in *after*
the Note is created, but this call happens before that.

Thus, the default note permission is always `freely`, regardless of the
`defaultPermission` setting. By checking `ownerId` instead of `owner`,
the anonymity and hence default permission is correctly determined,

This is especially an issue when `allowAnonymous` is `false`, since this
would allow the user to create a note with `freely` permission when it
should not be allowed.

Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>

2020-06-20 20:37:05 +08:00

lib

Fix default permission

2020-06-20 20:37:05 +08:00

test

ESLint fixes for tests 🚨

2020-05-22 21:48:15 +02:00