[MediaWiki-commits] [Gerrit] Slightly stronger user authentication check - change (analytics...web)

Yuvipanda (Code Review) Fri, 01 Jul 2016 11:56:31 -0700

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/296952


Change subject: Slightly stronger user authentication check
......................................................................

Slightly stronger user authentication check

Bug: T134699
Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919
---
M quarry/web/app.py
1 file changed, 3 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/analytics/quarry/web 
refs/changes/52/296952/1

diff --git a/quarry/web/app.py b/quarry/web/app.py
index 75a5179..fdde34c 100644
--- a/quarry/web/app.py
+++ b/quarry/web/app.py
@@ -212,6 +212,9 @@
     text = request.form['text']
     query = g.conn.session.query(Query).filter(Query.id == 
request.form['query_id']).one()
 
+    if query.user_id != get_user().id:
+        return "Authorization denied", 403
+
     if query.latest_rev and query.latest_rev.latest_run:
         result = 
worker.run_query.AsyncResult(query.latest_rev.latest_run.task_id)
         if not result.ready():

-- 
To view, visit https://gerrit.wikimedia.org/r/296952
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919
Gerrit-PatchSet: 1
Gerrit-Project: analytics/quarry/web
Gerrit-Branch: master
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Slightly stronger user authentication check - change (analytics...web)

Reply via email to