To test - with current master Log in as userA 1) Create a page with userA and put an image block on it and a peer block 2) Share it with userB as role 'peer' 3) View the page and click the 'Details' toggle Copy the HTML code for the <a class="commentlink" ... </a> bit
Login as userB 1) Go to the page shared by userA you should not see any way to view the image content 2) inspect page an insert somewhere the HTML snippet you got from before 3) in browser console type in activateModalLinks(); and hit return 4) Click on link you added and you see the content in the modal -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1849395 Title: Need to lock down the view/viewblocks.json.php response more Status in Mahara: Confirmed Bug description: Currently it only checks if you can see the page But if you give it block/artefact values you shouldn't see you get content back We need to do the following checks 1) can user see the page? if so 2) is the block on the page? if so 3) can the user see the block content? (a peer might not be able to) if so 4) is the artefact part of the block? Only then can we show the content in the modal To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1849395/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
