Update to allow unverified users to edit their own data.

Ben requested to merge fix/acl-preventing-initial-avatar-3324 into master

Closes #1617 (closed)

Summary

Change to the ACL to allow users to edit their own user object when their email is not verified.

Steps to replicate

  1. Make new account
  2. Go through steps watching your XHRs
  3. The save to info fails on prod.

Note you can still not post.

Regression Scope

This MR needs a careful eye as it contains a low-level change to the ACL. I followed what we discussed in a meeting, but want to make sure I have the logic correct.

Testing

I had to force the user->isTrusted() function to return false to simulate what is happening on production - I presume somewhere there's something environmental determining that on our local development machines we don't need email verification, but could not find it.

This means that this error likely would not trigger anyway on Sandboxes unless you know for certain they are configured in such a way. Maybe testing on a minds.com subdomain would be preferable but it is a wide test plan.

Edited by Ben
