Tag page lists a private resource that shouldn't be visible
Bug #386110 reported by
Paul Everitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
High
|
Chris Rossi |
Bug Description
(Extracted from the comment at https:/
This bug is related to the Wikipage acl bug at https:/
First, login as khelz via impersonation.
Next, go to a tag page:
https:/
You see one resource listed. However, that resource shouldn't be visible to khelz as it is a wikipage in a private community for which khelz isn't a member.
** For extra credit, find the places that generate links with the double slashes. For example, the My Tags portlet on the profile has tag hyperlinks that all contain double slashes.
summary: |
- Tage page lists a private resource that shouldn't be visible + Tag page lists a private resource that shouldn't be visible |
Changed in karl3: | |
status: | New → In Progress |
To post a comment you must log in.
Fix is committed and deployed on staging for evaluation. (Includes fix to remove double slashes from profile view.)
In the course of fixing this bug I did consolidate the three different showtag views to all use the same code, since maintaining three very similar but subtly different views was bound to get error prone. (In fact, I found an error in two of the views for generating the link to the tag users page.)
A little extra testing of tags in the three different contexts is probably in order: global, community and profile. This is to ensure there are no unintended side effects of the code consolidation.