[MediaWiki-commits] [Gerrit] Slightly stronger user authentication check - change (analytics...web)
Yuvipanda has submitted this change and it was merged. Change subject: Slightly stronger user authentication check .. Slightly stronger user authentication check Bug: T134699 Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919 --- M quarry/web/app.py 1 file changed, 3 insertions(+), 0 deletions(-) Approvals: Yuvipanda: Verified; Looks good to me, approved diff --git a/quarry/web/app.py b/quarry/web/app.py index 75a5179..fdde34c 100644 --- a/quarry/web/app.py +++ b/quarry/web/app.py @@ -212,6 +212,9 @@ text = request.form['text'] query = g.conn.session.query(Query).filter(Query.id == request.form['query_id']).one() +if query.user_id != get_user().id: +return "Authorization denied", 403 + if query.latest_rev and query.latest_rev.latest_run: result = worker.run_query.AsyncResult(query.latest_rev.latest_run.task_id) if not result.ready(): -- To view, visit https://gerrit.wikimedia.org/r/296952 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919 Gerrit-PatchSet: 2 Gerrit-Project: analytics/quarry/web Gerrit-Branch: master Gerrit-Owner: Yuvipanda Gerrit-Reviewer: Yuvipanda ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Slightly stronger user authentication check - change (analytics...web)
Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/296952 Change subject: Slightly stronger user authentication check .. Slightly stronger user authentication check Bug: T134699 Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919 --- M quarry/web/app.py 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/analytics/quarry/web refs/changes/52/296952/1 diff --git a/quarry/web/app.py b/quarry/web/app.py index 75a5179..fdde34c 100644 --- a/quarry/web/app.py +++ b/quarry/web/app.py @@ -212,6 +212,9 @@ text = request.form['text'] query = g.conn.session.query(Query).filter(Query.id == request.form['query_id']).one() +if query.user_id != get_user().id: +return "Authorization denied", 403 + if query.latest_rev and query.latest_rev.latest_run: result = worker.run_query.AsyncResult(query.latest_rev.latest_run.task_id) if not result.ready(): -- To view, visit https://gerrit.wikimedia.org/r/296952 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I41f2c1af7ca3066f4efcac37cef08784aec65919 Gerrit-PatchSet: 1 Gerrit-Project: analytics/quarry/web Gerrit-Branch: master Gerrit-Owner: Yuvipanda ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits