[openstreetmap/openstreetmap-website] Check user instead of scope when getting note author info (PR #5674)
Anton Khorev
notifications at github.com
Sat Feb 15 00:51:36 UTC 2025
Previously it was possible to create a note while authorized but having no write_notes scope. The scope check was added to fix #4362.
Currently it's not possible to create notes in this manner and there's a test for that:
https://github.com/openstreetmap/openstreetmap-website/blob/f5af8befa9ffe0c95f4a3c58d2fbb63a2e971ab0/test/controllers/api/notes_controller_test.rb#L233-L242
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/5674
-- Commit Summary --
* Check user instead of scope when getting note author info
-- File Changes --
M app/controllers/api/notes_controller.rb (2)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/5674.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5674.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5674
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/5674 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250214/6c4e7d3c/attachment-0001.htm>
More information about the rails-dev
mailing list