** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: mahara-contributors https://bugs.launchpad.net/bugs/1959146
Title: Private group, site, or institution portfolios can be accessed by the URL without logging in Status in Mahara: Fix Committed Status in Mahara 21.04 series: Fix Released Status in Mahara 21.10 series: Fix Released Status in Mahara 22.04 series: Fix Committed Bug description: Portfolios should only be available to the selected people or groups of people who have been given access. This is the case for personal portfolios. However, a change introduced in Mahara 21.04 invalidated the permissions check for group, institution, and site portfolios. To replicate: Group: 1. Create a private group with the setting 'Publicly viewable group' set to 'No'. 2. Create a page within the group and copy the URL when the page is in 'Display' mode. 3. Open a private browser window and go to the copied URL. Results: - Expected: The site redirects to the login page. - Actual: The private group page can be seen without logging in. Institution: 1. Create an institution. 2. Create an institution page and do not share it with anybody. 3. Open a private browser window and go to the copied URL. Results: - Expected: The site redirects to the login page. - Actual: The institution page can be seen without logging in. Site: 1. Create a site page and do not share it with anybody. 2. Open a private browser window and go to the copied URL. Results: - Expected: The site redirects to the login page. - Actual: The site page can be seen without logging in. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1959146/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
