Tim Abbott fa77467d5d api: Don't allow editing non-editable flags. ...

Previously, we didn't have validation to prevent editing certain flags
that don't make sense for a client to edit, like whether a user was
mentioned in a given message.

This isn't a security issue -- the user could only mess up their own
personal search results (etc.), but it does seem worth fixing to avoid
confusion for folks developing Zulip clients.

While we're at it, clearly document the situation in comments.

2019-06-04 00:33:21 -07:00

190 KiB

Raw Blame History

View Raw