From 3ac958ac0167d1c1989fc09e893a578e8a22f21f Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Sun, 18 Aug 2019 03:17:05 -0400 Subject: Move permission for LIST_COMMENTS to dev/tu block In commit 3578e77ad4e9258495eed7e786b7dc3aebcf1b63 we implemented listing of comments from the account details page , but this was intended to only be available to TUs and Devs. As the comment says: "display the comment list if they're a TU/dev" The credential checking code, however, set this credential for all users, contrary to the intention of the commit. In order to preserve the ability to list a person's own comments, also declare the allowed uids based on the profile being viewed. --- web/lib/credentials.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'web/lib') diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php index c1251197..96c72339 100644 --- a/web/lib/credentials.inc.php +++ b/web/lib/credentials.inc.php @@ -49,7 +49,6 @@ function has_credential($credential, $approved_users=array()) { $atype = account_from_sid($_COOKIE['AURSID']); switch ($credential) { - case CRED_ACCOUNT_LIST_COMMENTS: case CRED_PKGBASE_FLAG: case CRED_PKGBASE_NOTIFY: case CRED_PKGBASE_VOTE: @@ -60,6 +59,7 @@ function has_credential($credential, $approved_users=array()) { case CRED_ACCOUNT_CHANGE_TYPE: case CRED_ACCOUNT_EDIT: case CRED_ACCOUNT_LAST_LOGIN: + case CRED_ACCOUNT_LIST_COMMENTS: case CRED_ACCOUNT_SEARCH: case CRED_COMMENT_DELETE: case CRED_COMMENT_UNDELETE: -- cgit v1.2.3-24-g4f1b