Yuvipanda has submitted this change and it was merged.
Change subject: Slightly stronger user authentication check
......................................................................
Slightly stronger user authentication check
Bug: T134699
Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919
---
M quarry/web/app.py
1 file changed, 3 insertions(+), 0 deletions(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
diff --git a/quarry/web/app.py b/quarry/web/app.py
index 75a5179..fdde34c 100644
--- a/quarry/web/app.py
+++ b/quarry/web/app.py
@@ -212,6 +212,9 @@
text = request.form['text']
query = g.conn.session.query(Query).filter(Query.id ==
request.form['query_id']).one()
+ if query.user_id != get_user().id:
+ return "Authorization denied", 403
+
if query.latest_rev and query.latest_rev.latest_run:
result =
worker.run_query.AsyncResult(query.latest_rev.latest_run.task_id)
if not result.ready():
--
To view, visit https://gerrit.wikimedia.org/r/296952
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919
Gerrit-PatchSet: 2
Gerrit-Project: analytics/quarry/web
Gerrit-Branch: master
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
