Site staff shouldn't be able to send message to members of other institutions when isolated institutions are on

Bug #1823065 reported by Robert Lyon on 2019-04-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Robert Lyon

Bug Description

Site staff can see profile of everyone and add them to their friends / request friendship, but they can't send them a message.

Since institution members only accept messages from site admins, site staff shouldn't be able to do things that can't be reciprocated.

Robert Lyon (robertl-9) on 2019-04-03
Changed in mahara:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Robert Lyon (robertl-9)
milestone: none → 19.04.0
Robert Lyon (robertl-9) wrote :

I'm getting an error:

[WAR] 95 (lib/pieforms/pieform.php:1351) Invalid value for select "filter"
Call stack (most recent first):

    log_message("Invalid value for select "filter"", 8, true, true, "/home/robertl/code/mahara-testing/mahara/htdocs/li...", 1351) at /home/robertl/code/mahara-testing/mahara/htdocs/lib/errors.php:520
    error(1024, "Invalid value for select "filter"", "/home/robertl/code/mahara-testing/mahara/htdocs/li...", 1351, array(size 2)) at Unknown:0
    trigger_error("Invalid value for select "filter"", 1024) at /home/robertl/code/mahara-testing/mahara/htdocs/lib/pieforms/pieform.php:1351

Robert Lyon (robertl-9) wrote :

The original problem seems to have already been fixed - so will fix the error message problem

Actually the site staff should not be able to send friend requests / messages to user not in their institution

Robert Lyon (robertl-9) on 2019-04-04
Changed in mahara:
status: Confirmed → In Progress
Steven (stevens-q) wrote :

Could not reproduce error message - added patch and still did not see any error message

Isolate institution functionality is working as expected

Robert Lyon (robertl-9) on 2019-04-10
summary: - Site staff can't send message to member when using isolated institutions
+ Site staff shouldn't be able to send message to members of other
+ institutions when isolated institutions are on

Reviewed: https://reviews.mahara.org/9704
Committed: https://git.mahara.org/mahara/mahara/commit/279c33c42106db66c80fbd0a9900d53196fc2a27
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 279c33c42106db66c80fbd0a9900d53196fc2a27
Author: Robert Lyon <email address hidden>
Date: Thu Apr 4 14:27:59 2019 +1300

Bug 1823065: Site staff should not see users outside 'no institution'

When $cfg->isolatedistitutions are turned on because if they can and
message a user that user can't reply to them

Also fixed default filter option from throwing error if current user
is in no institution

Also fix up online users - consolidate duplicate code and restrict
non-admins in no institution is isolated institutions is turned on

behatnotneeded

Change-Id: I5828147461f513bb392598d62337d417e631e6f2
Signed-off-by: Robert Lyon <email address hidden>

Reviewed: https://reviews.mahara.org/9744
Committed: https://git.mahara.org/mahara/mahara/commit/50125de2ae344b86c93152b7ccf50a0fc485cace
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 19.04_STABLE

commit 50125de2ae344b86c93152b7ccf50a0fc485cace
Author: Robert Lyon <email address hidden>
Date: Thu Apr 4 14:27:59 2019 +1300

Bug 1823065: Site staff should not see users outside 'no institution'

When $cfg->isolatedistitutions are turned on because if they can and
message a user that user can't reply to them

Also fixed default filter option from throwing error if current user
is in no institution

Also fix up online users - consolidate duplicate code and restrict
non-admins in no institution is isolated institutions is turned on

behatnotneeded

Change-Id: I5828147461f513bb392598d62337d417e631e6f2
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 279c33c42106db66c80fbd0a9900d53196fc2a27)

Robert Lyon (robertl-9) on 2019-04-15
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers