Feed Login
Adagia Alerts

Draft Visibility 2021-01-11 19:47:10

HI everyone.

I released a replies feature around noon (eastern) today that introduced a privacy slip-up. From noon to about 2:40 PM (est) today,

The Extent of this slipup
  • Every Adagia user who was signed in could see any draft by any user in their writing dashboard (the screen you see when you click write in the header)
  • The title and the excerpt of the drafts were visible however the rest of the content beyond this was not visible, including the drafts' author.
  • If a user clicked on a draft that wasn't theirs to try editing it they were met with an unauthorized page.

The Cause
I actually have to go run an errand right now so I'll complete this later today.

Thanks to
for figuring this problem out and letting me know without snooping around. #PowerUser

More from Abraham Kim

Adagia Alerts

Draft Visibility
I like the yellow alert band, and if you can somehow show that on the main page to make your alerts stand out then that's a bonus.
2021-01-12 01:48:32
Hmm - I am glad this didn't happen with 200words where I had about 200 drafts....some meant for private posts. 

Good luck debugging Sir Abe
2021-01-12 02:01:57
Nothing like development on a live server.
2021-01-12 02:38:34
Oh man, that's some developer nightmares right there. Hope you get things sorted out. Let me know if you need a second pair of eyes or even just a rubber ducky ;)
2021-01-12 09:36:23
@Brandon actually that header is there for all collections. Right now this collection Adagia Alerts is nothing more than a regular collection like your Life Hacks one. If you go to your Life Hacks collection page you'll see you have the same banner.

I do want to actually not have the alerts show up on the main feed and instead have kind of like a aside popup that can be clicked and you can be taken to a list of all these alerts in the past.

@keni if I had to bet on it I would say it did happen lol. Just not a big enough site that people found out and journalists wrote about it.

@brian I actually haven't done any dev on a live server yet. For this change I fixed it and went through the standard CI pipeline which added like five minutes to the deploy lol.

@arctic the bug was actually really simple. After Brandon told me about it, it was an immediate fix. However, I do think this mistake is/will-be made by many other devs using Active Record Patterns so I'm going to make a dedicated blog to it.

Lol dev nightmare was what
went through last week.
2021-01-12 16:33:44
 haha ikr! Dev nightmare not over yet, over at Lifelog. Cockroach bugs are hardy af.
2021-01-13 13:44:00