Fix PUT behavior with User-Restricted Resource Access #1130
auth_field, | ||
request_auth_value) | ||
) | ||
desc = 'Incompatible User-Restricted Resource ' \ |
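Review bot: the `desc` assignment on the last visible line relies on a backslash continuation to stay under the Flake8 line limit; wrapping the string pieces in parentheses achieves the same thing, and a trailing backslash turns into a syntax error if any whitespace ends up after it. The continuation of the message is not visible in this hunk, so it is also worth confirming that it does not format `auth_field` or `request_auth_value` into the text returned to the client.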
This might disclose a little too much info to the client. Yes, the desc field is only emitted in debug mode, but you never know, someone might leave debug on by mistake.
The description string was already present, I didn't change it. I simply restructured this piece of code to fix a Flake8 line too long error. Do you want me to change the description anyway? What should I write?
Yes, you are right, it was there already. Let us obfuscate it a little bit, maybe by simply returning the first part of the message (drop the "request was for but xx was expected").
done ;)
* upstream/master: (32 commits) Get rid of unwanted .vscode folder Add support for mongo $box geo query operator Marsch Huynh Improve partial downloads documentation Changelog for pyeve#1050 Test coverage for pyeve#1050 A little refactoring (DRY). Addresses pyeve#1050. fix: media endpoint Support partial request for media resource Officially deprecate Python 2.6 Changelog for pyeve#1130 Reduced error description details Fix PUT behavior with User-Restricted Resource Access flake8 typo Hung Le Changelog for pyeve#1095. Regression test for PR pyeve#1095. Oplog skipped even if confg.OPLOG=True DHuan ...
This PR fixes the behavior of PUT requests when User-Restricted Resource Access is enabled.
In particular, it ensures that, under every circumstance, users are unable to overwrite items owned by other users.
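The ownership rule described above, together with the reduced error description agreed in the review, as an added example that is not part of this PR and is not Eve's implementation. The in-memory `store`, `put_item`, `Forbidden`, the `user_id` field name and the wording of the description are assumptions made for illustration.

```python
# Added illustration of owner-checked PUT; not Eve's code. All names are assumed.
AUTH_FIELD = "user_id"  # assumed name of the field that records the owner


class Forbidden(Exception):
    """Raised when a request targets an item owned by another user."""

    def __init__(self, debug=False):
        super().__init__("forbidden")
        self.status = 403
        # Generic, constructed wording, emitted only in debug mode. It never
        # echoes the stored owner or the value the request presented.
        self.desc = "Incompatible User-Restricted Resource request." if debug else None


def put_item(store, item_id, payload, request_auth_value, debug=False):
    """Replace store[item_id] with payload on behalf of request_auth_value."""
    existing = store.get(item_id)
    # 1. An existing item may only be replaced by its current owner.
    if existing is not None and existing.get(AUTH_FIELD) != request_auth_value:
        raise Forbidden(debug)
    # 2. The body must not hand the item to a different owner.
    if payload.get(AUTH_FIELD, request_auth_value) != request_auth_value:
        raise Forbidden(debug)
    # 3. PUT replaces the whole document, so the owner field is stamped
    #    server-side instead of being trusted from (or lost with) the body.
    replacement = dict(payload)
    replacement[AUTH_FIELD] = request_auth_value
    store[item_id] = replacement
    return replacement


def demo():
    """Run three PUTs against a constructed one-item store."""
    store = {"1": {AUTH_FIELD: "alice", "title": "alice's note"}}  # constructed
    results = {}
    try:  # bob tries to overwrite alice's item
        put_item(store, "1", {"title": "overwritten"}, "bob", debug=True)
    except Forbidden as exc:
        results["cross_user"] = (exc.status, exc.desc)
    try:  # alice's request body tries to reassign ownership to bob
        put_item(store, "1", {"title": "x", AUTH_FIELD: "bob"}, "alice")
    except Forbidden as exc:
        results["reassign"] = (exc.status, exc.desc)
    results["own"] = put_item(store, "1", {"title": "edited"}, "alice")
    results["final"] = store["1"]
    return results
```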