Publicaly viewable group with submissions

Bug #1745278 reported by Ghada El-Zoghbi on 2018-01-25
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Medium
Ghada El-Zoghbi

Bug Description

Mahara: 17.10.2 (2017092611)
OS: Linux 16.04 (php 7)
DB: Postgres
Browser: FF && Chrome (any)

When a group is created with the following settings:

* Allow submissions = Yes
* Publicly viewable group = Yes

When a user who is not logged in tries to view this group (i.e. because they know the URL), they get the following error:

[WAR] 75 (lib/user.php:1943) Undefined variable: id

Call stack (most recent first):
log_message("Undefined variable: id", 8, true, true, "/var/www/clients/mahara/htdocs/lib/user.php", 1943) at /var/www/clients/mahara/htdocs/lib/errors.php:521
error(8, "Undefined variable: id", "/var/www/clients/mahara/htdocs/lib/user.php", 1943, array(size 4)) at /var/www/clients/mahara/htdocs/lib/user.php:1943
profile_url(false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6164
View->get_url(false) at /var/www/clients/mahara/htdocs/lib/view.php:5571
View::get_extra_view_info(array(size 1), false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6388
View::get_views_and_collections(0) at /var/www/clients/mahara/htdocs/lib/group.php:1496
group_view_submission_form("50") at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:424
PluginBlocktypeGroupViews::get_data("50", false) at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:104
PluginBlocktypeGroupViews::render_instance(object(BlockInstance)) at /var/www/clients/mahara/htdocs/lib/mahara.php:1789
call_static_method("PluginBlocktypeGroupviews", "render_instance", object(BlockInstance)) at /var/www/clients/mahara/htdocs/blocktype/lib.php:1041
BlockInstance->render_viewing(false) at /var/www/clients/mahara/htdocs/lib/view.php:2159
View->build_column(1, 1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2113
View->build_columns(1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2098
View->build_rows() at /var/www/clients/mahara/htdocs/group/view.php:68

[WAR] 75 (lib/user.php:1947) profile_url called with no user id
Call stack (most recent first):
profile_url(false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6164
View->get_url(false) at /var/www/clients/mahara/htdocs/lib/view.php:5571
View::get_extra_view_info(array(size 1), false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6388
View::get_views_and_collections(0) at /var/www/clients/mahara/htdocs/lib/group.php:1496
group_view_submission_form("50") at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:424
PluginBlocktypeGroupViews::get_data("50", false) at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:104
PluginBlocktypeGroupViews::render_instance(object(BlockInstance)) at /var/www/clients/mahara/htdocs/lib/mahara.php:1789
call_static_method("PluginBlocktypeGroupviews", "render_instance", object(BlockInstance)) at /var/www/clients/mahara/htdocs/blocktype/lib.php:1041
BlockInstance->render_viewing(false) at /var/www/clients/mahara/htdocs/lib/view.php:2159
View->build_column(1, 1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2113
View->build_columns(1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2098
View->build_rows() at /var/www/clients/mahara/htdocs/group/view.php:68

Because the group is submittable, the application is trying to retrieve a list of submitted pages/collections to this group.

A check is required to ensure the user is logged in before it retrieves this data.

Changed in mahara:
assignee: nobody → Ghada El-Zoghbi (ghada-z)
Changed in mahara:
status: New → Confirmed
importance: Undecided → Medium

It should also be checked that there is no error message when a user tries to view the group homepage when she's neither the admin / tutor of the group nor submitted a portfolio to it as she shouldn't see anything then either.

Changed in mahara:
status: Confirmed → In Progress
milestone: none → 18.04.0

Reviewed: https://reviews.mahara.org/8578
Committed: https://git.mahara.org/mahara/mahara/commit/65f6e575b43023461772ec344b71a2efe67840ee
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 65f6e575b43023461772ec344b71a2efe67840ee
Author: Ghada El-Zoghbi <email address hidden>
Date: Thu Jan 25 14:15:15 2018 +1100

Bug 1745278: check user is logged in for publicly viewable groups

When a group is public and allows submissions, we need to check
that the user is logged in before retrieving the list of
sumibtted pages/collections to the group.

Sponsored by The Australian National University
behatnotneeded

Change-Id: Id8aeffea12aa36f27122069f9372fcb7b9ed95c5

Robert Lyon (robertl-9) on 2018-03-08
Changed in mahara:
status: In Progress → Fix Committed
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers