Andrei Prigorshnev 5a2ad7e386 DEV: remove calls to guardian from GroupActionLogger (#13835) ... We shouldn't be checking if a user is allowed to do an action in the logger. We should be checking it just before we perform the action. In fact, guardians in the logger can make things even worse in case of a security bug. Let's say we forgot to check user's permissions before performing some action, but we still have a call to the guardian in the logger. In this case, a user would perform the action anyway, and this action wouldn't even be logged! I've checked all cases and I confirm that we're safe to delete this calls from the logger. I've added two calls to guardians in admin/user_controller. We didn't have security bugs there, because regular users can't access admin/... routes at all. But it's good to have calls to guardian in these methods anyway, neighboring methods have them.		2021-07-28 15:04:04 +04:00
..
assets	UX: Remove theme-specific css, fix space	2021-07-28 09:34:33 +08:00
controllers	DEV: remove calls to guardian from GroupActionLogger (#13835)	2021-07-28 15:04:04 +04:00
helpers	FIX: Assets for the theme tests page are not compressed (#13736)	2021-07-14 22:52:35 +03:00
jobs	FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787)	2021-07-28 08:42:25 +10:00
mailers	UX: suspend forever time period messages (#13776)	2021-07-20 14:42:08 +04:00
models	FEATURE: Initial implementation of direct S3 uploads with uppy and stubs (#13787)	2021-07-28 08:42:25 +10:00
serializers	FEATURE: Show draft count in user menu and activity (#13812)	2021-07-27 14:05:33 +03:00
services	DEV: remove calls to guardian from GroupActionLogger (#13835)	2021-07-28 15:04:04 +04:00
views	FIX: use correct URL in schema markup for post images. (#13847)	2021-07-26 21:39:51 +05:30