Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-13086

Make the Model send to the View permissions for changing edit notes

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • Back-end

      In the first implementation of the interface to modify/remove edit notes, the permissions to change edit notes are computed in the `EditNote` React component rather than in the controllers serving edit notes. This is not a vulnerability as the controller also checks permissions when the form is submitted. But to avoid permissions mismatch in the future, these should be computed in the model to follow the MVC pattern.

      Originally discussed at https://github.com/metabrainz/musicbrainz-server/pull/2357#discussion_r1195122233.

            Unassigned Unassigned
            yvanzo yvanzo
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:

                Version Package