Yes, I have tested it, and it allows anybody to view the game token. -- You received this bug notification because you are a member of MUGLE Developers, which is a direct subscriber. https://bugs.launchpad.net/bugs/786685
Title: Views aren't restricted by permission Status in Melbourne University Game-based Learning Environment: Triaged Bug description: The permissions system stops you from writing anywhere you shouldn't, but there don't appear to be any restrictions on what you can view. Any user can go around to #!/devteam/game/+edit and see everything there, including all the badges, and the game token. Users need to be restricted from accessing certain kinds of data. Note that this can't be done on the client side. The server needs to refuse to give you certain objects (or refuse to fill in certain fields) if you ask for them. -- Mailing list: https://launchpad.net/~mugle-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~mugle-dev More help : https://help.launchpad.net/ListHelp
