Mahara

Admin can't see objectionable content in forums if not admin in the group

Bug #1444925 reported by Kristina Hoeppner on 2015-04-16

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	Medium	Robert Lyon	Mahara 15.10.0
1.10	Fix Released	Medium	Unassigned	Mahara 1.10.5
15.04	Fix Released	Medium	Unassigned	Mahara 15.04.2
15.10	Fix Released	Undecided	Unassigned

Bug Description

When a site admin receives an objectionable content notification for a forum post, they can't actually check if without having to join the group. Like for objectionable content on pages and artefacts, the admin should receive direct access to the item in question and then release it if necessary. After they've taken action, the group will be off limits again.

Confirmed on a Mahara 1.10 instance.

Tags:

Revision history for this message

Robert Lyon (robertl-9) wrote on 2015-04-16:

Hmm, I thought there was a patch for this back in the day allowing admins to get temp access to group page if going directly from link in email

Revision history for this message

Robert Lyon (robertl-9) wrote on 2015-04-16:

Actually from my testing this morning this is what happens:

1) Someone in group marks a group page or forum post as objectionable

2) The group admins and site admins get emails about this

3) If the site admin is the first to go in and check the page / forum post then they can see it (they have temporary access)

4) But once they (or group admin) mark the page as not objectionable then the site admin lose access.

So what is needed is the message displayed to admin when they don't have access to include some text that indicates the objection has already been reviewed and solved.

See commit about the site admins having temp access functionality: 00e0488ac049016d86d49476471aeea72d27d038

Revision history for this message

Robert Lyon (robertl-9) wrote on 2015-04-16:

What we could do is on the url that sent out in email have a variable that indicates that we are dealing with objectionable content check

so we could add &objection=1

That way if a user, whether a site admin or group admin, goes to check the objection and it's already been resolved we can give them a message to that effect.

If a user tries to hack the url there is no danger - the message just won't display

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2015-04-16:

Good analysis, Robert! I agree with your suggested solution, also.

Cheers,
Aaron

Changed in mahara:
milestone:	none → 15.04.0
tags:	added: forums

Robert Lyon (robertl-9) on 2015-04-17

Changed in mahara:
milestone:	15.04.0 → 15.04.1

Aaron Wells (u-aaronw) on 2015-04-21

Changed in mahara:
milestone:	15.04.1 → 15.10.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2015-04-28: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/4711

Robert Lyon (robertl-9) on 2015-04-28

Changed in mahara:
status:	Confirmed → In Progress
assignee:	nobody → Robert Lyon (robertl-9)

Jinelle Foley-Barnes (jinelleb) on 2015-04-28

tags:

added: needs-behat

Revision history for this message

Robert Lyon (robertl-9) wrote on 2015-06-09:

To test/behat this:

1) Create a new mahara instance and set the site options notification settings so that new users get objectionable emails to inbox
1) Add a bunch of users in your mahara 9some of which need to be site admins)
2) Login as one of the new users and create a group and add some users to it as members/group admins
3) Login as a member of the group and create a page and a forum post
4) Login as another member of the group (can be group admin or member) and reject the forum post / page
5) This should send emails to the both the site admins and group admins.
6) Get a group admin to mark the forum post / page not objectionable
7) Then login as a site admin who is not a member of the group and check their email
8) Follow the link in the objectionable notification email and you should see the message containing the extra info about objection already being resolved.

Revision history for this message

Robert Lyon (robertl-9) wrote on 2015-06-09:

Note: for behat test we will need to kick the cron a few times

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2015-06-17:

Hm, unfortunately right now in master there's a bug that you don't see the link to the objectionable content! So I'll have to fix that first before this one can go through.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2015-06-22: A change has been merged

Reviewed: https://reviews.mahara.org/4711
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/a4f1dfe87a34e5c484498dba47d43494f23284ff
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit a4f1dfe87a34e5c484498dba47d43494f23284ff
Author: Robert Lyon <email address hidden>
Date: Tue Apr 28 17:18:07 2015 +1200

Passing the objection=1 param to the objection url (Bug #1444925)

To allow us to show a more detailed error message if site admin (not
belonging to the group) goes to review an objectionable group page
or group forum topic that has already been sorted out.

Change-Id: If4785528bfe29736542972adce7609cdb0522248
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2015-06-22

Changed in mahara:
status:	In Progress → Fix Committed

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2015-06-22: A patch has been submitted for review

#10

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/4888

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2015-06-22:

#11

Patch for "1.10_STABLE" branch: https://reviews.mahara.org/4889

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2015-06-22: A change has been merged

#12

Reviewed: https://reviews.mahara.org/4888
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/30c2c1bdfe87df656e6696f1c133b335b10465ca
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit 30c2c1bdfe87df656e6696f1c133b335b10465ca
Author: Robert Lyon <email address hidden>
Date: Tue Apr 28 17:18:07 2015 +1200

Passing the objection=1 param to the objection url (Bug #1444925)

To allow us to show a more detailed error message if site admin (not
belonging to the group) goes to review an objectionable group page
or group forum topic that has already been sorted out.

Change-Id: If4785528bfe29736542972adce7609cdb0522248
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit a4f1dfe87a34e5c484498dba47d43494f23284ff)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2015-06-22:

#13

Reviewed: https://reviews.mahara.org/4889
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/fce7f8e55e68c00de2ffa275c56557a5bc8e4662
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE

commit fce7f8e55e68c00de2ffa275c56557a5bc8e4662
Author: Robert Lyon <email address hidden>
Date: Tue Apr 28 17:18:07 2015 +1200

Passing the objection=1 param to the objection url (Bug #1444925)

To allow us to show a more detailed error message if site admin (not
belonging to the group) goes to review an objectionable group page
or group forum topic that has already been sorted out.

Change-Id: If4785528bfe29736542972adce7609cdb0522248
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit a4f1dfe87a34e5c484498dba47d43494f23284ff)

Robert Lyon (robertl-9) on 2016-11-06

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.