Ticket #4166 (new enhancement)

Opened 4 months ago

Last modified 4 months ago

[with patch; needs work] Separate resource for @interact

Reported by: itolkov Assigned to: itolkov
Priority: major Milestone: sage-3.4
Component: interact Keywords:
Cc:

Description

There is a new resource for the initial evaluation and later updates.

Attachments

trac4166_1.patch (6.4 kB) - added by itolkov on 09/22/2008 11:55:50 AM.

Change History

09/21/2008 07:16:38 PM changed by itolkov

  • summary changed from Separate resource for @interact to [with patch; needs review] Separate resource for @interact.

09/22/2008 11:55:50 AM changed by itolkov

  • attachment trac4166_1.patch added.

09/24/2008 03:49:02 PM changed by was

  • summary changed from [with patch; needs review] Separate resource for @interact to [with patch; needs work] Separate resource for @interact.

Good, works, but has one problem, which is that it creates a serious security vulnerability. It needs code like this or something like in the Worksheet_eval Resource: 

        if owner != '_sage_':
            if W.owner() != self.username and not (self.username in W.collaborators()):
               return InvalidPage(msg = "can't evaluate worksheet cells", username = self.username\
)

Once this is resolved, it will get a positive review.

It might also be nice if there were a comment that explains why we are creating this new resource. E.g., "make code cleaner"? "because it will be needed later for something else that is planned?"