Staff can delete other user's Bookmarks

(cpradio) #1

Not sure if this is a bug, or by design, but I find it odd that staff can delete another user’s bookmarks.

Repro steps:

  • Click on a User’s User Card
  • Go to their Profile
  • Go to Bookmarks
  • Click Remove Bookmark.

(cpradio) #2

@codinghorror, Does this mean the fact that Staff can currently do this is by design? Just curious, as I see you moved it to the feature category.

(Robin Ward) #3

It is likely that our security checks say “hey sure, moderators should be able to delete bookmarks” even though it doesn’t really make sense logically.

I would consider this a bug.

(Jeff Atwood) #4

OK, you own this bug now!

(Lee_Ars) #5

This is why I don’t talk during meetings EVER.

(cpradio) #6

PR Sent

(Robin Ward) #7

Fixed here, thanks @cpradio

(cpradio) #8

Ah, that’s a clever way to do it too :slight_smile: Thanks for posting it back for me to see.

(Jeff Atwood) #9