Student Content visible from google search.

Bug #82908 reported by Jason Straw
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| CanDo | Invalid | Critical | Paul Carduner | |
| 2007 | Invalid | Undecided | Unassigned | |
| SchoolTool | Invalid | Undecided | Unassigned | |

Bug Description

When searching Google for a student's name, we were able to bring up their journal and schedule in CanDo without logging in. More research will be done after our meetings today to confirm and track what is available.

(Was done on Arlington Careercenter's public CanDo 06; I'll send more sensitive details in an email to Paul Carduner.)

Tags: security
Jason Straw (jasonstraw)
Changed in cando:
assignee: nobody → paulcarduner
importance: Undecided → Critical
status: Unconfirmed → Confirmed
Paul Carduner (pcardune) wrote : Re: [Bug 82908] Student Content visible from google search.

This can be fixed *temporarily* by unchecking the "everyone can see
info of persons" checkbox in the access control page. Some pages in
CanDo require this box to be checked to work properly, but the whole
thing should just be changed from everyone to authenticated users. I
will make the change today.

- Paul

On 2/2/07, Jason Straw <email address hidden> wrote:
> Private bug reported:
>
> When searching Google for a student's name, we were able to bring up
> their journal and schedule in CanDo without logging in. More research
> will be done after our meetings today to confirm and track what is
> available.
>
> (Was done on Arlington Careercenter's public CanDo 06; I'll send more
> sensitive details in an email to Paul Carduner.)
>
> ** Affects: cando (upstream)
> Importance: Critical
> Assignee: pcardune
> Status: Confirmed
>
> ** Changed in: cando (upstream)
> Importance: Undecided => Critical
> Assignee: (unassigned) => pcardune
> Status: Unconfirmed => Confirmed
> Target: None => cando2006
>
> --
> Student Content visible from google search.
> https://launchpad.net/bugs/82908
>

Paul Carduner (pcardune) wrote :

I would fix this bug, but I can't seem to find where the permission is set to everyone. the AccessControlCustomization class. I could spend another 45 minutes hunting down the exact location, or someone from pov could tell me in 1 minute where to find it. The bug should be fixed in schooltool as well because there is *never* *ever* a case where you want student information to be accessible to *everyone*. At most, it should be accessible to *authenticated*.

Changed in schooltool:
status: New → Invalid
Jason Straw (jasonstraw) wrote :

This bug is related to a preference which we no longer use (and if we do, someone should reopen this ASAP).

Changed in cando:
status: Confirmed → Invalid
This report contains Public Security information  
Everyone can see this security related information.