Staff can delete other user's Bookmarks


(cpradio) #1

Not sure if this is a bug, or by design, but I find it odd that staff can delete another user’s bookmarks.

Repro steps:

  • Click on a User’s User Card
  • Go to their Profile
  • Go to Bookmarks
  • Click Remove Bookmark.

(cpradio) #2

@codinghorror, Does this mean the fact that Staff can currently do this is by design? Just curious, as I see you moved it to the feature category.


(Robin Ward) #3

It is likely that our security checks say “hey sure, moderators should be able to delete bookmarks” even though it doesn’t really make sense logically.

I would consider this a bug.


(Jeff Atwood) #4

OK, you own this bug now!


(Lee_Ars) #5

This is why I don’t talk during meetings EVER.


(cpradio) #6

PR Sent


(Robin Ward) #7

Fixed here, thanks @cpradio


(cpradio) #8

Ah, that’s a clever way to do it too :slight_smile: Thanks for posting it back for me to see.


(Jeff Atwood) #9