Reviewed: https://reviews.mahara.org/4644 Committed: http://gitorious.org/mahara/mahara/commit/ed686cadbbb6eb574bf788732008e7f21be2d669 Submitter: Aaron Wells ([email protected]) Branch: 1.10_STABLE
commit ed686cadbbb6eb574bf788732008e7f21be2d669 Author: Robert Lyon <[email protected]> Date: Fri Jul 25 10:21:48 2014 +1200 Getting suspended institutions to keep their user out. (Bug 1348024) Users who are logged in on the suspended institution's auth method are logged out. Change-Id: I10e1dec465a4363a076e92f4d90ec663ff8a822e Signed-off-by: Robert Lyon <[email protected]> -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1348024 Title: users can stay logged into suspended institution Status in Mahara ePortfolio: In Progress Status in Mahara 1.10 series: In Progress Status in Mahara 1.8 series: Confirmed Status in Mahara 1.9 series: Confirmed Status in Mahara 15.04 series: In Progress Status in Mahara 15.10 series: In Progress Bug description: If a user does not use their own institution's auth method then user only belonging to a suspended institution can still log in. Scenario: - Create an institution called 'testone' with the auth method internal mahara - Add a user to it (so that the user is only in this institution and no others) - Update the user auth method to be another internal one - suspend the institution - log out and then in as user - can get in because the auth method is paired to 'mahara' institution Another problem: Same as above but have the user using the institutions auth method - this time one gets a warning about the institution being suspended, which is good but also gets the top menu and is actually logged in/can navigate about. What needs to be done: 1) when an institution is suspended make sure all users that only belong to this institution have a valid usr.authinstance value and if they don't give them one. 2) when they are trying to log in to their suspended institution actually deny them properly. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1348024/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
