Double-check that superuser accounts can delete sources and annotations through frontend #509

Closed
2 tasks done
jgonggrijp opened this issue Oct 13, 2021 · 0 comments · Fixed by #550


jgonggrijp commented Oct 13, 2021

It is hypothetically possible for trolls to self-register an account and vandalise the interface by creating bogus, potentially offensive annotations. Currently, this is still unlikely, but as the interface becomes more widely known, the risk will increase.

Mandatory email verification (#478) will add a barrier to entry for trolls, but not an impenetrable one. On the other hand, #508 will give trolls an additional weapon. Concluding, it must be easy and straightforward for a superuser to delete the content created by a troll, preferably by just following a link to the offending content in the frontend.

The features that currently exist in order to delete sources and annotations should suffice. We just need to make sure that superusers can use them even when they are not the owner. This means that

  • the delete buttons in the frontend must be visible not only to the owner, but also to superusers, and
  • DELETE endpoints on the backend must admit superusers (I suspect this is already the case).

Needless to say, superusers must also be able to ban trolls, but this is already taken care of by the Django admin pages.
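The two requirements in the list above can share one object-level rule, so that the delete button and the DELETE endpoint cannot drift apart. The following is an added example, not code from this issue or from the project; it is framework-independent, and `User`, `Annotation`, `may_delete`, `handle_delete` and `show_delete_button` are hypothetical names, with `is_active` and `is_superuser` modelled on the Django user fields of the same names.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class User:
    name: str
    is_active: bool = True        # cleared when an account is banned
    is_superuser: bool = False


@dataclass(frozen=True)
class Annotation:
    creator: User
    body: str


def may_delete(user: Optional[User], item: Annotation) -> bool:
    """Object-level rule: the owner or any active superuser may delete."""
    if user is None or not user.is_active:
        return False              # anonymous and banned accounts never delete
    return user.is_superuser or user == item.creator


def handle_delete(user: Optional[User], item: Annotation,
                  store: List[Annotation]) -> int:
    """Backend side: enforce the rule whatever the frontend displayed."""
    if user is None:
        return 401                # not authenticated
    if not may_delete(user, item):
        return 403                # authenticated, but neither owner nor superuser
    store.remove(item)
    return 204                    # deleted, no content


def show_delete_button(user: Optional[User], item: Annotation) -> bool:
    """Frontend side: visibility follows the same rule, so a superuser who
    follows a link to offending content sees the button."""
    return may_delete(user, item)


if __name__ == "__main__":
    # Constructed sample actors and content.
    troll, mod = User("troll"), User("moderator", is_superuser=True)
    item = Annotation(troll, "bogus annotation")
    store = [item]
    print(show_delete_button(mod, item), handle_delete(mod, item, store), store)
```

Hiding the button is only a convenience; the status codes returned by `handle_delete` are what actually keep a non-owner, non-superuser account from deleting content.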
