Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

able to edit poll questions as a user #210

Open
mmezher opened this issue Jun 2, 2016 · 0 comments
Open

able to edit poll questions as a user #210

mmezher opened this issue Jun 2, 2016 · 0 comments
Labels
bug

Comments

@mmezher
Copy link
Collaborator

mmezher commented Jun 2, 2016

If a user goes to https://www.railsschool.org/polls, they are able to edit all poll questions and publish them. This is a security issue since administrators of the site should be the only ones to be able to edit poll questions.

Bug reproduction steps:

  1. log in to rails school
  2. go to https://www.railsschool.org/polls/
  3. press edit on a poll
  4. edit the poll question/answer
  5. save and publish

Expected Outcome: Access should be denied to a regular user. Only admins should be able to edit polls.
Actual Outcome: The poll will be published to the site for all users to see.
@btaitelb btaitelb added the bug label Jun 2, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@btaitelb @mmezher