rhodecode-enterprise-ce Commit - r1826:76aa3640

security: use 404 instead of 403 in case missing permissions for comment deletion....

ergo -

r1826:76aa3640 default

parent child

rhodecode/controllers/changeset.py

0 +3 -1

                         Session().commit()
                         return True
                     else:
-                        raise HTTPForbidden()
+                        log.warning('No permissions for user %s to delete comment_id: %s',
+                                    c.rhodecode_user, comment_id)
+                        raise HTTPNotFound()
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

rhodecode/controllers/pullrequests.py

0 +3 -1

                                 comment.pull_request, c.rhodecode_user, 'review_status_change')
                         return True
                     else:
-                        raise HTTPForbidden()
+                        log.warning('No permissions for user %s to delete comment_id: %s',
+                                    c.rhodecode_user, comment_id)
+                        raise HTTPNotFound()

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages