Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/296952
Change subject: Slightly stronger user authentication check ...................................................................... Slightly stronger user authentication check Bug: T134699 Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919 --- M quarry/web/app.py 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/analytics/quarry/web refs/changes/52/296952/1 diff --git a/quarry/web/app.py b/quarry/web/app.py index 75a5179..fdde34c 100644 --- a/quarry/web/app.py +++ b/quarry/web/app.py @@ -212,6 +212,9 @@ text = request.form['text'] query = g.conn.session.query(Query).filter(Query.id == request.form['query_id']).one() + if query.user_id != get_user().id: + return "Authorization denied", 403 + if query.latest_rev and query.latest_rev.latest_run: result = worker.run_query.AsyncResult(query.latest_rev.latest_run.task_id) if not result.ready(): -- To view, visit https://gerrit.wikimedia.org/r/296952 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919 Gerrit-PatchSet: 1 Gerrit-Project: analytics/quarry/web Gerrit-Branch: master Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits