Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BEAR answers being seen by more than one user #448

Open
RobStallion opened this issue Sep 12, 2018 · 4 comments
Open

BEAR answers being seen by more than one user #448

RobStallion opened this issue Sep 12, 2018 · 4 comments
Assignees
@RobStallion
Labels
priority-4 T1h technical

Comments

@RobStallion
Copy link
Member

If a user fills in a BEAR form for a specific publication, then another user does a similar search and goes to review that same publication they will see the previous users answers.
@RobStallion RobStallion added this to the Sprint 10 - BEAR extras milestone Sep 12, 2018
@RobStallion RobStallion self-assigned this Sep 12, 2018
@RobStallion
Copy link
Member Author

Bug appears to be caused by the function all_questions_for_sec in bear_questions.ex. The error seems to be happening because this function is not currently checking the pico_search_id in the query.

Next step

Will add pico_search_id to the query and function calls and see if this resolves the error.

@RobStallion
Copy link
Member Author

This appears to have resolved the issue. Will open a pr with the solution.

RobStallion added a commit that referenced this issue Sep 12, 2018
@RobStallion
add pico search id to query to make sure corrent answers are returned #…
6385945 
…448
@RobStallion RobStallion mentioned this issue Sep 12, 2018
Merged
@iteles
Copy link
Member

iteles commented Sep 12, 2018
edited
Loading

A related question: can a user guess at a URL (change the final digit for example) and then edit someone else's BEAR? We should maybe be checking for the user's ID.

@iteles iteles removed the question label Oct 31, 2018
@iteles iteles removed this from the Sprint 11 - Bug fixes milestone Oct 31, 2018
@RobStallion
Copy link
Member Author

@iteles. At the moment the routes are not protected (a user could potentially see another users answers if they guessed the URL).

I will look into this after meeting with @harrygfox and going over the changes to the BEAR flow as the changes will likely effect the way these queries are currently done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RobStallion RobStallion

Labels
priority-4 T1h technical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iteles @RobStallion