paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-01 20:44:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

message: Make is_modifying_message a mandatory kwarg.

Browse Source 
This is valuable so that one is forced to explicitly make a decision
on what is correct when adding new callers. Past experience tells us that
not having to explicitly show the decision leads to people introducing
security bugs in PRs that the maintainer has to catch in review, and our
goal for access control code should be that security bugs are hard to write.
Fixes #33688.
This commit is contained in:
Shubham Padia
2025-02-28 17:39:52 +00:00
committed by Tim Abbott
parent 1a84a30759
commit 0def74b097
7 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
zerver/lib/narrow.py
View File

@@ -965,7 +965,7 @@ def update_narrow_terms_containing_with_operator(
if maybe_user_profile.is_authenticated:
try:
message = access_message(maybe_user_profile, message_id)
message = access_message(maybe_user_profile, message_id, is_modifying_message=False)
except JsonableError:
can_user_access_target_message = False
else: