Public bug reported:
A user received a comment for an artefact that is not actually shared
publicly.
Looking into the problem, I've been able to replicate the issue. It goes
as such :
- Create a view
- Add a Tagged journal entries block with tag A
- save and share view with public
- Edit block and change the selected tag to tag B
- save
Journal entries with tag A are still accessible to the public even
though they are not being displayed on the view.
It's is imperative that deleted artefact from a view cannot be accessed.
It's clearly a breach of privacy.
We're using Mahara 15.04 .2 on Linux with MySQL
** Affects: mahara
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1521818
Title:
accessing artefact through view without permission
Status in Mahara:
New
Bug description:
A user received a comment for an artefact that is not actually shared
publicly.
Looking into the problem, I've been able to replicate the issue. It
goes as such :
- Create a view
- Add a Tagged journal entries block with tag A
- save and share view with public
- Edit block and change the selected tag to tag B
- save
Journal entries with tag A are still accessible to the public even
though they are not being displayed on the view.
It's is imperative that deleted artefact from a view cannot be
accessed. It's clearly a breach of privacy.
We're using Mahara 15.04 .2 on Linux with MySQL
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1521818/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
