Views are automatically removed from watchlist when user access is removed
Bug #622499 reported by
Richard Mansfield
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
Medium
|
Richard Mansfield | ||
Bug Description
The View::set_access function in lib/view.php is too eager to remove views from user watchlists:
When you remove a user from the access list for a view, the view is automatically removed from that user's watchlist even if the user has access to the view by another means (e.g. through membership in a group with access to the view).
Revision history for this message
| Richard Mansfield (richard-mansfield) wrote | #1 |
| Changed in mahara: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| milestone: | none → 1.3.0 |
| Changed in mahara: | |
| assignee: | nobody → Richard Mansfield (richard-mansfield) |
Revision history for this message
| Richard Mansfield (richard-mansfield) wrote | #2 |
| Changed in mahara: | |
| status: | Confirmed → Fix Committed |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
There's an additional problem to the one mentioned above - for example if you're in a group which gets removed from a view's access list, there's no test there (or anywhere?) that will remove the view from your watchlist.
So it's removing views that shouldn't be removed, and not removing views that should be removed.
I don't think the set_access function is a good place to be maintaining the view watchlists. To do it correctly we'd need to find all users with access to the view before and after the access change, and I think this would be too slow to do when saving view access.
It's probably better to rebuild the watchlists once a day on cron, by running through all the views in watchlists, and checking that the watcher can still see them (and live with a few watchlist notifications for views that can't be seen by the watcher). Even this might be slow if the site has a lot of watched views, but if that becomes a problem we could keep track of the last time access is changed on each view, and only check views whose access changed since the last watchlist update.