discourse/spec/serializers
Alan Guo Xiang Tan 101ec21bc9
SECURITY: Restrict display of topic titles associated with user badges (#18768)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:26:14 +08:00
about_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
admin_plugin_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
admin_user_list_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
basic_group_serializer_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
basic_group_user_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
basic_post_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
basic_reviewable_flagged_post_serializer_spec.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_queued_post_serializer_spec.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_serializer_spec.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_reviewable_user_serializer_spec.rb DEV: Add reviewables tab to the new user menu (#17630) 2022-07-28 11:16:33 +03:00
basic_user_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
basic_user_with_status_serializer_spec.rb DEV: move BasicUserWithStatusSerializer from Discourse Chat (#18745) 2022-10-26 16:41:31 +04:00
category_detailed_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
category_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
category_upload_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
current_user_serializer_spec.rb DEV: Sidebar default tags and categories are determined at user creation (#18620) 2022-10-27 06:38:50 +08:00
detailed_user_badge_serializer_spec.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
directory_item_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
emoji_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
found_user_serializer_spec.rb DEV: return user status on the user search route (#17716) 2022-08-09 14:54:33 +04:00
found_user_with_status_serializer_spec.rb DEV: return user status on the user search route (#17716) 2022-08-09 14:54:33 +04:00
group_show_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
listable_topic_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
new_post_result_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
notification_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
pending_post_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
post_revision_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
post_serializer_spec.rb DEV: Remove harded id when fabricating in tests (#18729) 2022-10-25 06:18:40 +08:00
reviewable_flagged_post_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
reviewable_queued_post_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
reviewable_score_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
reviewable_serializer_spec.rb DEV: Use AR enums in reviewables related code 2022-09-22 14:44:27 +02:00
reviewable_user_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
single_sign_on_record_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
site_serializer_spec.rb DEV: Sidebar default tags and categories are determined at user creation (#18620) 2022-10-27 06:38:50 +08:00
suggested_topic_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
tag_group_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
theme_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
topic_link_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_list_item_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_list_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
topic_tracking_state_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_view_details_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_view_posts_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
topic_view_serializer_spec.rb DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
upload_serializer_spec.rb DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
user_auth_token_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
user_badge_serializer_spec.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
user_bookmark_list_serializer_spec.rb FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) 2022-05-23 10:07:15 +10:00
user_card_serializer_spec.rb DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
user_post_bookmark_serializer_spec.rb DEV: Add bookmarks tab to the new user menu (#17814) 2022-08-08 17:24:04 +03:00
user_serializer_spec.rb DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
user_summary_serializer_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
web_hook_post_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
web_hook_topic_view_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
web_hook_user_serializer_spec.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
wizard_serializer_spec.rb DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00