projects / arvados.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 63de949) | patch
16108: Change wb1 'favorites' to filter on user_uuid instead of tail_uuid
authorPeter Amstutz <peter.amstutz@curii.com>
Sun, 2 Feb 2020 17:58:16 +0000 (12:58 -0500)
committerPeter Amstutz <peter.amstutz@curii.com>
Sun, 2 Feb 2020 17:58:16 +0000 (12:58 -0500)
commit4e450b7c2ec9563dd6d670238d096d1bc9fd158f
tree44bbc7d1d671d13c16eab6c51a7e48909df26ccftree | snapshot
parent63de9493f14d062af48673fa1c4775d9c4e890fbcommit | diff
16108: Change wb1 'favorites' to filter on user_uuid instead of tail_uuid

Fixes potential exploit by which a malicious user could inject
favorites into another user's favorites list.

Public favorites owned by "All Users" will now appear in wb1.

Move documentation about 'star' links from admin section to API
documentation.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
apps/workbench/app/controllers/actions_controller.rb diff | blob | history
apps/workbench/app/controllers/application_controller.rb diff | blob | history
doc/_config.yml diff | blob | history
doc/admin/favorites.html.textile.liquid [deleted file] blob | history
doc/api/methods/links.html.textile.liquid diff | blob | history