Presently, when accessing the ratings API, anonymous users will see "can_rate":true, which is false. Only signed in users who have purchased a paid app should be able to submit a review.
Assignee: nobody → charmston
Priority: -- → P2
Whiteboard: [fireplace] → [fireplace] p=1
STR? I can't reproduce. 'can_rate' appears as a member of the `user` object in API responses, which should be `None` in anonymous requests.
Looks like this has changed in the past week or so; the user object is null for me now. Very odd. Will reopen if I find shenanigans.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.