Message6874
Hi John,
I've now pushed a change that returns a 403 -- but both, on non-searchable properties as well as non-existing props (e.g., your test with messages.authors (not the 's')). I think this is the correct way to do it as users not having permission on a property should not see it at all. Also I didn't want to dig deeper into the transitive search permission check in the framework which currently does not distinguish the two cases.
Let me know what you think!
Feel free to close this issue if it's ok for you.
Ralf |
|
Date |
User |
Action |
Args |
2020-02-12 11:38:49 | schlatterbeck | set | messageid: <1581507529.34.0.248250797046.issue2551051@roundup.psfhosted.org> |
2020-02-12 11:38:49 | schlatterbeck | set | recipients:
+ schlatterbeck, rouilj |
2020-02-12 11:38:49 | schlatterbeck | link | issue2551051 messages |
2020-02-12 11:38:49 | schlatterbeck | create | |
|