artefact_in_view() only supports one level of parentage

Bug #1122653 reported by Matt Oquist
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Invalid
Medium
Matt Oquist

Bug Description

I don't really think this is the right answer, but this patch supports TWO levels of parentage, so kids can have artefacts in folders in folders, and folks who have access to the view can view and download the artefacts. Without this patch, if a kid puts an artefact inside a folder that's inside a folder, users with permission to access the view get an 'access denied' message because artefact_in_view() in lib/mahara.php doesn't check to see if maybe the parent of the parent of the artefact is in the view...

Again, hard-coding levels of inheritance like this isn't really desirable, but checking arbitrary levels of parentage is expensive unless it's done very carefully.

In any case, I've attached the patch I've applied to our system (we're running 1.4.1, but 1.6.* appears to have the same issue) to get us around this problem for now.

Cheers,
Matt

Revision history for this message
Matt Oquist (moquist) wrote :
Revision history for this message
Kristina Hoeppner (kris-hoeppner) wrote :

Hi Aaron,

Can you please check this patch?

Changed in mahara:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Matt Oquist (moquist)
Revision history for this message
Robert Lyon (robertl-9) wrote :

The problem reported in this bug looks to have been fixed in later versions on mahara so will close this bug

Changed in mahara:
status: In Progress → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.