Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-09 12:56:25 +08:00
Code Packages Activity Actions
discourse/plugins/poll/spec/integration
History
Exact
Isaac Janzen d74ff25db9 SECURITY: Check topic visibility before allowing poll interactions 
## Summary

- Adds a `guardian.can_see_topic?` check in `DiscoursePoll::Poll` to prevent users from interacting with polls on topics they can no longer access
- Covers the case where a user loses group membership for a private category but could still toggle poll status via the API
- Adds integration test verifying poll toggle is blocked after group removal

---

**Security Advisory:** https://github.com/discourse/discourse/security/advisories/GHSA-wq58-pvf6-w4p8
2026-03-31 15:12:45 +01:00
..
poll_endpoints_spec.rb SECURITY: Check topic visibility before allowing poll interactions 2026-03-31 15:12:45 +01:00
post_mover_spec.rb FIX: preserve poll data when moving posts to another topic (#37791) 2026-02-13 12:30:12 +08:00
user_merger_spec.rb DEV: add shortcut fab!(:variable, :fabricator) to specs (#33577) 2025-07-11 11:16:34 -03:00