Mahara

Site staff shouldn't be able to send message to members of other institutions when isolated institutions are on

Bug #1823065 reported by Robert Lyon on 2019-04-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	High	Robert Lyon	Mahara 19.04.0

Bug Description

Site staff can see profile of everyone and add them to their friends / request friendship, but they can't send them a message.

Since institution members only accept messages from site admins, site staff shouldn't be able to do things that can't be reciprocated.

Robert Lyon (robertl-9) on 2019-04-03

Changed in mahara:
status:	New → Confirmed
importance:	Undecided → High
assignee:	nobody → Robert Lyon (robertl-9)
milestone:	none → 19.04.0

Revision history for this message

Robert Lyon (robertl-9) wrote on 2019-04-04:

I'm getting an error:

[WAR] 95 (lib/pieforms/pieform.php:1351) Invalid value for select "filter"
Call stack (most recent first):

    log_message("Invalid value for select "filter"", 8, true, true, "/home/robertl/code/mahara-testing/mahara/htdocs/li...", 1351) at /home/robertl/code/mahara-testing/mahara/htdocs/lib/errors.php:520
    error(1024, "Invalid value for select "filter"", "/home/robertl/code/mahara-testing/mahara/htdocs/li...", 1351, array(size 2)) at Unknown:0
    trigger_error("Invalid value for select "filter"", 1024) at /home/robertl/code/mahara-testing/mahara/htdocs/lib/pieforms/pieform.php:1351

Revision history for this message

Robert Lyon (robertl-9) wrote on 2019-04-04:

The original problem seems to have already been fixed - so will fix the error message problem

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2019-04-04: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/9704

Revision history for this message

Robert Lyon (robertl-9) wrote on 2019-04-04: Re: Site staff can't send message to member when using isolated institutions

Actually the site staff should not be able to send friend requests / messages to user not in their institution

Robert Lyon (robertl-9) on 2019-04-04

Changed in mahara:
status:	Confirmed → In Progress

Revision history for this message

Steven (stevens-q) wrote on 2019-04-10:

Could not reproduce error message - added patch and still did not see any error message

Isolate institution functionality is working as expected

Robert Lyon (robertl-9) on 2019-04-10

summary:

- Site staff can't send message to member when using isolated institutions
+ Site staff shouldn't be able to send message to members of other
+ institutions when isolated institutions are on

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2019-04-11: A change has been merged

Reviewed: https://reviews.mahara.org/9704
Committed: https://git.mahara.org/mahara/mahara/commit/279c33c42106db66c80fbd0a9900d53196fc2a27
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 279c33c42106db66c80fbd0a9900d53196fc2a27
Author: Robert Lyon <email address hidden>
Date: Thu Apr 4 14:27:59 2019 +1300

Bug 1823065: Site staff should not see users outside 'no institution'

When $cfg->isolatedistitutions are turned on because if they can and
message a user that user can't reply to them

Also fixed default filter option from throwing error if current user
is in no institution

Also fix up online users - consolidate duplicate code and restrict
non-admins in no institution is isolated institutions is turned on

behatnotneeded

Change-Id: I5828147461f513bb392598d62337d417e631e6f2
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2019-04-11: A patch has been submitted for review

Patch for "19.04_STABLE" branch: https://reviews.mahara.org/9744

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2019-04-11: A change has been merged

Reviewed: https://reviews.mahara.org/9744
Committed: https://git.mahara.org/mahara/mahara/commit/50125de2ae344b86c93152b7ccf50a0fc485cace
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: 19.04_STABLE

commit 50125de2ae344b86c93152b7ccf50a0fc485cace
Author: Robert Lyon <email address hidden>
Date: Thu Apr 4 14:27:59 2019 +1300

Bug 1823065: Site staff should not see users outside 'no institution'

When $cfg->isolatedistitutions are turned on because if they can and
message a user that user can't reply to them

Also fixed default filter option from throwing error if current user
is in no institution

Also fix up online users - consolidate duplicate code and restrict
non-admins in no institution is isolated institutions is turned on

behatnotneeded

Change-Id: I5828147461f513bb392598d62337d417e631e6f2
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 279c33c42106db66c80fbd0a9900d53196fc2a27)

Robert Lyon (robertl-9) on 2019-04-15

Changed in mahara:
status:	In Progress → Fix Committed

Rebecca Blundell (rjb-dev) on 2019-04-30

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.