** Changed in: mahara Milestone: 1.8rc1 => 1.8.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1034180
Title: A group member with no access rights to folder can still view it (if smart :D) Status in Mahara ePortfolio: Fix Committed Bug description: If i create a folder in group files area, open a tab as a normal member, and then as group admin remove all rights to that folder for members, then as the member, click on the folder. The contents of the folder is then displayed (with the following warnings) [WAR] 0a (artefact/lib.php:864) Undefined index: member Call stack (most recent first): log_message("Undefined index: member", 8, true, true, "/var/www/mahara-dev/htdocs/artefact/lib.php", 864) at /var/www/mahara-dev/htdocs/lib/errors.php:446 error(8, "Undefined index: member", "/var/www/mahara-dev/htdocs/artefact/lib.php", 864, array(size 2)) at /var/www/mahara-dev/htdocs/artefact/lib.php:864 ArtefactType->role_has_permission("member", "edit") at /var/www/mahara-dev/htdocs/auth/user.php:960 User->can_edit_artefact(object(ArtefactTypeFolder)) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:1221 pieform_element_filebrowser_edit_group_folder("1", "5") at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:1308 pieform_element_filebrowser_changefolder(object(Pieform), array(size 11), "5") at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:696 pieform_element_filebrowser_doupdate(object(Pieform), array(size 11)) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:362 pieform_element_filebrowser_get_value(object(Pieform), array(size 11)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:802 Pieform->get_value(array(size 11)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:1253 Pieform->get_submitted_values() at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:490 Pieform->__construct(array(size 12)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:161 Pieform::process(array(size 12)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:71 pieform(array(size 12)) at /var/www/mahara-dev/htdocs/artefact/file/groupfiles.php:49 [WAR] 0a (artefact/lib.php:864) Trying to get property of non-object Call stack (most recent first): log_message("Trying to get property of non-object", 8, true, true, "/var/www/mahara-dev/htdocs/artefact/lib.php", 864) at /var/www/mahara-dev/htdocs/lib/errors.php:446 error(8, "Trying to get property of non-object", "/var/www/mahara-dev/htdocs/artefact/lib.php", 864, array(size 2)) at /var/www/mahara-dev/htdocs/artefact/lib.php:864 ArtefactType->role_has_permission("member", "edit") at /var/www/mahara-dev/htdocs/auth/user.php:960 User->can_edit_artefact(object(ArtefactTypeFolder)) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:1221 pieform_element_filebrowser_edit_group_folder("1", "5") at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:1308 pieform_element_filebrowser_changefolder(object(Pieform), array(size 11), "5") at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:696 pieform_element_filebrowser_doupdate(object(Pieform), array(size 11)) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:362 pieform_element_filebrowser_get_value(object(Pieform), array(size 11)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:802 Pieform->get_value(array(size 11)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:1253 Pieform->get_submitted_values() at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:490 Pieform->__construct(array(size 12)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:161 Pieform::process(array(size 12)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:71 pieform(array(size 12)) at /var/www/mahara-dev/htdocs/artefact/file/groupfiles.php:49 On a refresh, the home folder is shown, and the folder is not displayed, so can't click on it again. Although, the member can still access the folder directly, by going to the url /artefact/file/groupfiles.php?group=1&folder=5 (or whatever id's), with the following warnings [WAR] 81 (artefact/lib.php:864) Undefined index: member Call stack (most recent first): log_message("Undefined index: member", 8, true, true, "/var/www/mahara-dev/htdocs/artefact/lib.php", 864) at /var/www/mahara-dev/htdocs/lib/errors.php:446 error(8, "Undefined index: member", "/var/www/mahara-dev/htdocs/artefact/lib.php", 864, array(size 2)) at /var/www/mahara-dev/htdocs/artefact/lib.php:864 ArtefactType->role_has_permission("member", "edit") at /var/www/mahara-dev/htdocs/auth/user.php:960 User->can_edit_artefact(object(ArtefactTypeFolder)) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:1221 pieform_element_filebrowser_edit_group_folder("1", 5) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:126 pieform_element_filebrowser(object(Pieform), array(size 13)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:1378 Pieform->build_element_html(array(size 13)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:659 Pieform->build() at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:162 Pieform::process(array(size 12)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:71 pieform(array(size 12)) at /var/www/mahara-dev/htdocs/artefact/file/groupfiles.php:49 [WAR] 81 (artefact/lib.php:864) Trying to get property of non-object Call stack (most recent first): log_message("Trying to get property of non-object", 8, true, true, "/var/www/mahara-dev/htdocs/artefact/lib.php", 864) at /var/www/mahara-dev/htdocs/lib/errors.php:446 error(8, "Trying to get property of non-object", "/var/www/mahara-dev/htdocs/artefact/lib.php", 864, array(size 2)) at /var/www/mahara-dev/htdocs/artefact/lib.php:864 ArtefactType->role_has_permission("member", "edit") at /var/www/mahara-dev/htdocs/auth/user.php:960 User->can_edit_artefact(object(ArtefactTypeFolder)) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:1221 pieform_element_filebrowser_edit_group_folder("1", 5) at /var/www/mahara-dev/htdocs/artefact/file/form/elements/filebrowser.php:126 pieform_element_filebrowser(object(Pieform), array(size 13)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:1378 Pieform->build_element_html(array(size 13)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:659 Pieform->build() at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:162 Pieform::process(array(size 12)) at /var/www/mahara-dev/htdocs/lib/pieforms/pieform.php:71 pieform(array(size 12)) at /var/www/mahara-dev/htdocs/artefact/file/groupfiles.php:49 The second way of accessing also gives a box saying "You do not have permission to add content to this folder", while the first does not, and infact shows the upload file and create folder boxes (though you can't add files) Both of these ways allow the user to access the files within the folders, or by the url /artefact/file/download.php?file=14 This bug will have to probably change the way permissions work, and backtrack through all the parent folders making sure the user has access To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1034180/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp