SciPost Code Repository

Skip to content
Snippets Groups Projects
Commit 26fad3e7 authored by Jorran de Wit's avatar Jorran de Wit
Browse files

SECURITY FIX: Submission actions not restricted to pool

Certain actions, such as looking into the editorial page, were
 possible to do by (possible) authors. All submission views
 related to the EdCol are now filtered by the get_pool filter in
 the SubmissionManager to exclude objects with the requesting user
 being a (possible) author.
parent 9f1eaa8b
No related branches found
No related tags found
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment