Comment 0 for bug 1521818
Revision history for this message
| Stéphane (smlavoie) wrote accessing artefact through view without permission | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
A user received a comment for an artefact that is not actually shared publicly.
Looking into the problem, I've been able to replicate the issue. It goes as such :
- Create a view
- Add a Tagged journal entries block with tag A
- save and share view with public
- Edit block and change the selected tag to tag B
- save
Journal entries with tag A are still accessible to the public even though they are not being displayed on the view.
It's is imperative that deleted artefact from a view cannot be accessed. It's clearly a breach of privacy.
We're using Mahara 15.04 .2 on Linux with MySQL