[openstreetmap/openstreetmap-website] Create & comment notes possible with access token without `write_notes` permission (Issue #4362)

[Tobias Zwick]

Sorry, I didn't notice the "Report a security vulnerability" button in the "new issue" template list. Feel free to make this report invisible to non-contributors.

I have also not been sure if this is intended behavior or not, because the permission is translated to English as "Modify notes" (sounds like "Editing notes")

![image](https://github.com/openstreetmap/openstreetmap-website/assets/4661658/5f878ae0-63fb-46db-9145-77be105709a7)

... though, reflecting, I don't remember editing notes to be possible ever.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4362#issuecomment-1822680557
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/4362/1822680557 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231122/0f932aa4/attachment.htm>