artefact_in_view() only supports one level of parentage
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Invalid
|
Medium
|
Matt Oquist |
Bug Description
I don't really think this is the right answer, but this patch supports TWO levels of parentage, so kids can have artefacts in folders in folders, and folks who have access to the view can view and download the artefacts. Without this patch, if a kid puts an artefact inside a folder that's inside a folder, users with permission to access the view get an 'access denied' message because artefact_in_view() in lib/mahara.php doesn't check to see if maybe the parent of the parent of the artefact is in the view...
Again, hard-coding levels of inheritance like this isn't really desirable, but checking arbitrary levels of parentage is expensive unless it's done very carefully.
In any case, I've attached the patch I've applied to our system (we're running 1.4.1, but 1.6.* appears to have the same issue) to get us around this problem for now.
Cheers,
Matt
Hi Aaron,
Can you please check this patch?