Prevent space members from editing or deleting articles they don't own. #2603
Labels
Comments
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 20, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 21, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 21, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 22, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 22, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 22, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
sofyenne
added a commit
to Meeds-io/content
that referenced
this issue
Nov 22, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) (#317) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
exo-swf
pushed a commit
to Meeds-io/content
that referenced
this issue
Nov 22, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) (#317) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
exo-swf
pushed a commit
to Meeds-io/content
that referenced
this issue
Nov 23, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
rdenarie
pushed a commit
to Meeds-io/content
that referenced
this issue
Nov 27, 2024
…id not author - EXO-75398 - Meeds-io/meeds#2603 (#315) Prior to this change, editing and deleting an article were based on the "can redact on space" API, which allowed members to redact in spaces that did not have a designated redactor. This logic caused an issue by allowing members to edit and delete articles they did not own. To resolve this issue, we kept the article creation logic based on the "can redact" API but updated the logic for updating and deleting articles. Now, permissions for editing and deleting articles are handled separately, preventing users from updating or deleting articles they do not own, thus fixing the issue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Current behaviour
Space members can edit and remove articles
Expected behavior
Disallow space members from editing or removing articles they didn't author
The text was updated successfully, but these errors were encountered: