Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make necessary configs available to the front end #1128

Merged
merged 1 commit into from
Nov 5, 2021
Merged

Make necessary configs available to the front end #1128

merged 1 commit into from
Nov 5, 2021

Conversation

kamil4
Copy link
Contributor

@kamil4 kamil4 commented Oct 27, 2021

Fixes #1127

As it turns out, config variables with confidentiality set to 2 aren't actually available to the front end as part of Session::init. The server distinguishes only between public and admin; there is no separate provision for logged in users.

This patch follows this model and changes the confidentiality of three variables that should be exposed to logged in users (editor_enabled, upload_processing_limit, and public_photos_hidden) to 0.

An alternative implementation would be for Session::init to treat logged in users as a separate category. Feedback welcome...

@kamil4 kamil4 requested review from ildyria, d7415 and nagmat84 October 27, 2021 18:44
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 27, 2021
edited
Loading

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
78.1% 78.1% Duplication

d7415
d7415 approved these changes Oct 28, 2021
View reviewed changes
Copy link
Contributor

@d7415 d7415 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't tested it, but it looks sensible.

I like the idea of a "logged in"/"user" confidentiality, but in the meantime I see no major issue with leaking these settings to the public scope.

@ildyria
Copy link
Member

ildyria commented Oct 30, 2021
edited
Loading

Ideally the logged-in users should be seeing more than the non-logged-in but less than admin level. That would be the point of having the confidentiality set to 1 instead of 2 actually.

However I am not sure the logic of Session::init() allows this differentiation.

@ildyria ildyria added the hacktoberfest-accepted Accept for Hacktoberfest, will merge later label Oct 30, 2021
@ildyria ildyria merged commit 815f896 into master Nov 5, 2021
@ildyria ildyria deleted the fix-1127 branch November 5, 2021 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@d7415 d7415 d7415 approved these changes

@ildyria ildyria Awaiting requested review from ildyria

@nagmat84 nagmat84 Awaiting requested review from nagmat84

Assignees
No one assigned
Labels
hacktoberfest-accepted Accept for Hacktoberfest, will merge later
Projects
None yet
Milestone
No milestone
3 participants
@kamil4 @ildyria @d7415