Reviewed:  https://reviews.mahara.org/10570
Committed: https://git.mahara.org/mahara/mahara/commit/61a2bfc1380bdfa69fa955973efa93853d3116c9
Submitter: Robert Lyon ([email protected])
Branch:    master

commit 61a2bfc1380bdfa69fa955973efa93853d3116c9
Author: Robert Lyon <[email protected]>
Date:   Thu Nov 7 10:12:55 2019 +1300

    Bug 1851557: Restricting access users / groups select2 results

    Need to test the following, when:
    - isolated institutions are on only
    - when isolated institutions and "See own groups only" are on
    - when both are off

    behatnotneeded

    Change-Id: Id36dbe871320fc9b16e5c7f2df4f6d7596e798e8
    Signed-off-by: Robert Lyon <[email protected]>

https://bugs.launchpad.net/bugs/1851557

Title:
  Members from other institution can be seen when sharing portfolios
  despite isolated institutions

Status in Mahara:
  Fix Committed
Status in Mahara 19.04 series:
  Confirmed
Status in Mahara 19.10 series:
  Confirmed
Status in Mahara 20.04 series:
  Fix Committed

Bug description:
  When you have isolated institutions turned on and a minimum of two
  institutions, you can see people from another institution when you
  share your portfolio page though you should not be allowed to see
  them.

  This will also need to be checked for when "See own groups only" is
  turned on as that restricts the sharing even more.

  Similarly, when a person searches for groups, they should only see
  groups that are associated with their institution or that they are in
  if "See own groups only" is turned on.

  To replicate scenario 1:

  1. Allow isolated institutions in the config.php.
  2. Set up 2 institutions with 3 people each.
  3. Put two group members from the same institution into a group each.
  4. Log in as a normal institution member and create a page.
  5. Share that page and select "Search for... user".

  Expected result: You only see the 2 other people from your own
  institution.

  Actual result: You can share your page with everyone.

  To test scenario 2:

  1. Allow isolated institutions in the config.php.
  2. In Admin menu -> Configure site -> Site options -> group settings.
  3. Set up 2 institutions with 3 people each.
  4. Put two group members from the same institution into a group each.
  5. Log in as a normal institution member and create a page.
  6. Share that page and select "Search for... user".

  Expected result: You only see the one other person from your
  institution who's in the same group as the person you are currently
  logged in as.

  To replicate scenario 3:

  1. Allow isolated institutions in the config.php.
  2. In Admin menu -> Configure site -> Site options -> group settings.
  3. Set up 2 institutions with 3 people each.
  4. Put two group members from the same institution into a group each.
  5. Set up 2 additional groups in each institution as site admin.
  6. Log in as a normal institution member and create a page.
  7. Share that page and select "Search for... groups".

  Expected result: You only see the 1 group in which you are a member.

  To replicate scenario 4:

  1. Allow isolated institutions in the config.php.
  2. Set up 2 institutions with 3 people each.
  3. Put two group members from the same institution into a group each.
  4. Set up 2 additional groups in each institution as site admin.
  5. Log in as a normal institution member and create a page.
  6. Share that page and select "Search for... groups".

  Expected result: You only see the 3 groups that were created in your
  own institution.

  Actual result: You can see all groups listed.
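
The expected results of the four scenarios above, written as a server-side filter over the share-search candidates. This is an added illustration in Python, not Mahara's code: the User/Group model, the function names, the fixture, and the assumption that each group is associated with exactly one institution are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    institution: str

@dataclass
class Group:
    name: str
    institution: str                            # assumed: one institution per group
    members: set = field(default_factory=set)   # member user names

def shareable_users(viewer, users, groups, isolated, own_groups_only):
    """Names of users the viewer may be offered in "Search for... user"."""
    result = [u for u in users if u.name != viewer.name]
    if isolated:
        # Isolated institutions: never list members of another institution.
        result = [u for u in result if u.institution == viewer.institution]
    if own_groups_only:
        # "See own groups only": only people sharing a group with the viewer.
        peers = set()
        for g in groups:
            if viewer.name in g.members:
                peers |= g.members
        result = [u for u in result if u.name in peers]
    return sorted(u.name for u in result)

def shareable_groups(viewer, groups, isolated, own_groups_only):
    """Names of groups the viewer may be offered in "Search for... groups"."""
    result = list(groups)
    if isolated:
        result = [g for g in result if g.institution == viewer.institution]
    if own_groups_only:
        result = [g for g in result if viewer.name in g.members]
    return sorted(g.name for g in result)

# Constructed fixture following the report: 2 institutions x 3 people, one
# two-member group per institution, plus two admin-created groups in each.
USERS = [User(f"{i}{n}", i) for i in ("a", "b") for n in (1, 2, 3)]
GROUPS = [Group(f"{i}-team", i, {f"{i}1", f"{i}2"}) for i in ("a", "b")]
GROUPS += [Group(f"{i}-extra{n}", i) for i in ("a", "b") for n in (1, 2)]
VIEWER = USERS[0]  # "a1", a normal member of institution "a"
```

The filter has to run where the search results are produced; trimming the list in the select2 widget would still send the other institution's members to the browser.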

