689338 - Unvouched users can access search page and search for their own profile

Status: VERIFIED FIXED

(Participation Infrastructure :: Phonebook, defect, P3)

Description

[Tobias (:Tobbi) Markus]

Nice feature:

As an unvouched user, I can go to https://mozillians.allizom.org/en-US/search and search for my own profile. Which can be very useful in case you forgot that you exist. Uuh, whatever....


I believe, we should find a better solution for that.
https://mozillians.allizom.org/en-US/search

Comment 1

[Aakash Desai [:aakashd]]

Users see this issue when doing something they're not supposed to. It'd be good to post a safeguard and clean up this negative test case with a redirect or easter egg.

Comment 2

[tofumatt [:tofumatt]]

This is a feature _request_, not a bug, right?

Comment 3

[Aakash Desai [:aakashd]]

It's a bug as its a negative test case. Non-vouched logged-in users shouldn't be able to go to the search page whatsoever. Right now, it's just hidden and the functionality is nerfed, but the page still shows if you go to the URL. 

With that said, it's definitely not a high priority at all since it's such a small use case.

Comment 4

[tofumatt [:tofumatt]]

Well if non-vouched users shouldn't see the search page at all, I can fix that.

But I'm not marking it for 1.0. If I can get it out the door by then: great. But it's not likely at this point.

Comment 5

[Aakash Desai [:aakashd]]

Yeah, that sounds good. Even if it falls out of 1.1, that's fine as well.

Comment 6

[tofumatt [:tofumatt]]

How's this https://github.com/mozilla/mozillians/commit/a56738d8b20df6d010f1a0780aaf0013dbea04ae?

It now shows the generic error page; we can tweak what it says in future releases.

Comment 7

[Tobias (:Tobbi) Markus]

Verified unvouched users can't access search page.