Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public bundles can have patches removed by anyone? #599

Open
djbw opened this issue Jul 23, 2024 · 1 comment
Open

Public bundles can have patches removed by anyone? #599

djbw opened this issue Jul 23, 2024 · 1 comment
Labels
bug web-ui Issues with the web UI

Comments

@djbw
Copy link

djbw commented Jul 23, 2024

Perhaps this is an abuse of bundles, but we find it useful in our project to share an API token between maintainers for a shared user that maintains a public bundle. This provides a common location for anyone to see the patches that have been pulled into the review queue. Only folks with the API token can add to the bundle, but it appears that any account can remove patches from the bundle. Is that by design?
@stephenfin
Copy link
Member

This is a bug. The API enforces the correct behaviour, but the web UI does not. Only the owner of a bundle should be able to manipulate the bundle.

@stephenfin stephenfin added bug web-ui Issues with the web UI labels Jul 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug web-ui Issues with the web UI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djbw @stephenfin