marking page objectionable now allows feedback
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Robert Lyon |
Bug Description
If user A:
- creates a page
- turns off feedback/comments
- shares it with logged in users
And User B comes along and marks it as objectionable
The ability to leave comments is activated and so now user C, D, and E can all leave comments.
This is all due to the view_access table getting updated with 'allowcomments' column set to a hardcoded 1 rather than respecting the settings of the view.
I could imagine that an Admin user, who has the permissions to update a page as 'not objectionable' may also want the ability to leave a comment as well.
But I believe for all other users they should not be allowed to leave a comment.
So we either need to respect the allow comment setting for the page when saving the view_access 'objectionable' row,
or get it so that if the only allowcomments value set to 1 is on the accesstype 'objectionable' for the page then only allow certain users (admins) to be allowed to leave a comment.
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
Yep, probably the reasonable thing here would be that the obectionable access row only grants comment permission to admins.