Sync with main repo @ 9fe39d8e #11

Open
blitzjs-bot wants to merge 58 commits into main from sync-9fe39d8e

@blitzjs-bot
Contributor

This PR was automatically generated.

Merge changes from blitzjs.com at 9fe39d8

The following files have conflicts and may need new translations:

Please fix the conflicts by pushing new commits to this pull request, either by editing the files directly on GitHub or by checking out this branch.

DO NOT SQUASH MERGE THIS PULL REQUEST!

Doing so will "erase" the commits from main and cause them to show up as conflicts the next time we merge.

JuanM04 and others added 30 commits April 19, 2021 08:04
* typo fix

Small typo fix:
you'll need to do the
chech
=>
you'll need to do the
check

* Update session.create > session.$create

* Update api routes doc examples - no anon exports

* Edit preview mode doc examples - no anon exports

* Change export name to handler

* Change export name to handler
Co-authored-by: Brandon Bayer <b@bayer.ws>
Co-authored-by: Brandon Bayer <b@bayer.ws>
This commit is rather simple. It simply makes the scrolling when you scroll by id much smoother. For example, when you use the Back to top button in the footer, it won't jump up so quickly, it'll instead scroll. This is useful because it will surprise people less and it'll seem cleaner and less choppy too.
abuuzayr and others added 28 commits May 6, 2021 11:15
Co-authored-by: JuanM04 <me@juanm04.com>
Co-authored-by: Brandon Bayer <b@bayer.ws>
* typo fix

Small typo fix:
you'll need to do the
chech
=>
you'll need to do the
check

* Update session.create > session.$create

* Update api routes doc examples - no anon exports

* Edit preview mode doc examples - no anon exports

* Change export name to handler

* Change export name to handler

* lazy load random contributor images

* lazy load appropriate player, url

* switch to Image tag

* fix image sizing

* change user track image to github url

* make layout intrinsic

Co-authored-by: Roshan Manuel <Roshan,manuel@angelic-group.com>
Co-authored-by: Roshan Manuel <Roshan,manuel@angelic-group.com>
If you try to copy-paste the examples there's a missing import
When you impersonate another user it would be a good idea to assume their role too.

Most endpoints will be protected with some form of authorizer e.g. `resolver.authorize("seller")` or `resolver.authorize("buyer")`.
If you try and invoke these endpoints as an admin, they all need to be changed to `resolver.authorize(["seller", "admin"])` or `resolver.authorize(["buyer", "admin"])` etc.

If you assume the role of the user you're impersonating, you don't need to change anything.

In terms of security:
- `startImpersonating` should only be available to admins, so it should be secured with `resolver.authorize("admin")`.
- we can allow `stopImpersonating` to be called without a role restriction as it is: the code already checks if `impersonatingFromUserId` is present in the session. If present, the user simply regains whatever role they had before ("admin", "support", etc), otherwise the endpoint is a no-op.
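
A minimal model of the impersonation flow described in the commit message above, added here as an example; it is not Blitz.js code or code from this PR. The `users` object, the `authorize` helper (a simplified stand-in for `resolver.authorize`), the `listMyProducts` endpoint, and the choice to re-read the original role from the user store are assumptions made for illustration.

```javascript
// Constructed sample users; ids and roles are illustrative.
const users = {
  1: { id: 1, role: "admin" },
  2: { id: 2, role: "seller" },
  3: { id: 3, role: "buyer" },
};

// Simplified stand-in for resolver.authorize(roleOrRoles):
// throws unless the session is logged in with an allowed role.
function authorize(session, roles) {
  const allowed = [].concat(roles);
  if (!session.userId || !allowed.includes(session.role)) {
    throw new Error("AuthorizationError");
  }
}

// Admin-only. The new session takes the target's id AND role, and
// records who started the impersonation in impersonatingFromUserId.
function startImpersonating(session, targetUserId) {
  authorize(session, "admin");
  const target = users[targetUserId];
  if (!target) throw new Error("NotFoundError");
  return {
    userId: target.id,
    role: target.role,
    impersonatingFromUserId: session.userId,
  };
}

// No role restriction: acts only when the marker is present in the session.
// Assumption: the original role is looked up server-side, never sent by the caller.
function stopImpersonating(session) {
  const original = users[session.impersonatingFromUserId];
  if (!original) return session; // not impersonating: no-op
  return { userId: original.id, role: original.role };
}

// Seller-only endpoint, guarded without adding "admin" to the allowed roles.
function listMyProducts(session) {
  authorize(session, "seller");
  return `products for user ${session.userId}`;
}
```

Because the impersonated session carries the seller role rather than admin, it cannot call `startImpersonating` again, and the seller-only guard needs no change.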