Composer lets you edit someone else's post

You can’t save an edit, which is good! But I’d suggest you shouldn’t even be able to open the composer.

Simple repro: Go to bottom of a topic, hit J and/or K up to a few times to select a post. Then hit E and the composer opens an edit window.

If you hit Save Edit, you’ll get “You are not permitted to view the requested resource” which is also probably the wrong error message.

This sure confused the heck out of me when I ran into it a few minutes ago.

14 Likes

Yes, this is a bug. Can you add it to your list, @techapj?

3 Likes

Fixed via:

https://github.com/discourse/discourse/commit/2412542c7769682ba5002df627dc359b2e35ef23

There was a similar issue when a non-authorized user tries to delete a post using a keyboard shortcut; fixed that too.

6 Likes
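The pattern discussed in this thread, as an added example that is not part of the original posts and is not the code from the linked commit: every keyboard shortcut passes through the same permission check that gates the button, while the server check stays authoritative. All names (`can`, `handleKey`, `serverUpdatePost`, the `d` binding, the sample users and posts) are hypothetical.

```javascript
// Added example; every name here is hypothetical, not Discourse's code.
// Constructed sample data: two posts by different authors.
const posts = new Map([
  [101, { id: 101, authorId: 1, raw: "first post" }],
  [102, { id: 102, authorId: 2, raw: "reply" }],
]);

// One authorization rule. A real client would read per-post permission flags
// sent by the server; both sides call this function to keep the example short.
function can(user, action, post) {
  if (!user || !post) return false;
  if (user.staff) return true;
  return (action === "edit" || action === "delete") && post.authorId === user.id;
}

// Server side: the authoritative check. It must reject the write even if the
// client UI was wrong, which is the behaviour the report saw on "Save Edit".
function serverUpdatePost(user, postId, raw) {
  const post = posts.get(postId);
  if (!post) return { status: 404 };
  if (!can(user, "edit", post)) return { status: 403 };
  post.raw = raw;
  return { status: 200 };
}

// Client side: each binding declares the permission it needs, so a shortcut
// cannot reach an action whose button would have been hidden.
const shortcuts = {
  e: { action: "edit", run: (ui, post) => { ui.composerOpenFor = post.id; } },
  d: { action: "delete", run: (ui, post) => { ui.deleteRequested = post.id; } },
};

function handleKey(ui, user, key) {
  const binding = shortcuts[key];
  const post = posts.get(ui.selectedPostId);
  if (!binding || !post) return "ignored";
  // The guard the buggy shortcut path was missing: check before opening any UI.
  if (!can(user, binding.action, post)) return "denied";
  binding.run(ui, post);
  return "ok";
}
```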