A user received a comment for an artefact that is not actually shared publicly.
Looking into the problem, I've been able to replicate the issue. It goes as such :
- Create a view
- Add a Tagged journal entries block with tag A
- save and share view with public
- Edit block and change the selected tag to tag B
- save
Journal entries with tag A are still accessible to the public even though they are not being displayed on the view.
It's is imperative that deleted artefact from a view cannot be accessed. It's clearly a breach of privacy.
A user received a comment for an artefact that is not actually shared publicly.
Looking into the problem, I've been able to replicate the issue. It goes as such :
- Create a view
- Add a Tagged journal entries block with tag A
- save and share view with public
- Edit block and change the selected tag to tag B
- save
Journal entries with tag A are still accessible to the public even though they are not being displayed on the view.
It's is imperative that deleted artefact from a view cannot be accessed. It's clearly a breach of privacy.
We're using Mahara 15.04 .2 on Linux with MySQL