API should not return can_rate=true for anon users for paid apps

RESOLVED WORKSFORME

Status

Marketplace
API
P2
normal
RESOLVED WORKSFORME
5 years ago
5 years ago

People

(Reporter: basta, Assigned: chuck)

Tracking

x86
Mac OS X
Points:
---
Dependency tree / graph

Details

(Whiteboard: [fireplace] p=1)

(Reporter)

Description

5 years ago
Presently, when accessing the ratings API, anonymous users will see "can_rate":true, which is false. Only signed in users who have purchased a paid app should be able to submit a review.
Blocks: 859511
Whiteboard: [fireplace]
(Reporter)

Updated

5 years ago
Blocks: 871484
(Assignee)

Updated

5 years ago
Assignee: nobody → charmston
Priority: -- → P2
Whiteboard: [fireplace] → [fireplace] p=1
(Assignee)

Comment 1

5 years ago
STR? I can't reproduce.

'can_rate' appears as a member of the `user` object in API responses, which should be `None` in anonymous requests.
Flags: needinfo?(mattbasta)
(Reporter)

Comment 2

5 years ago
Looks like this has changed in the past week or so; the user object is null for me now. Very odd. Will reopen if I find shenanigans.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Flags: needinfo?(mattbasta)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.