Logged out users get shown edit this page option
Bug #778240 reported by
Hugh Davenport
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Low
|
Hugh Davenport |
Bug Description
When a logged out user visits a public site page, they get an edit this page option
When they visit a public page that was made by a user (ie not a site page), then they do NOT get the edit option
This happens with and without microheaders
I would suggest not showing the edit option for any public user.
Cheers,
Hugh
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
milestone: | none → 1.4.0 |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
importance: | Undecided → Low |
To post a comment you must log in.
This is because the LiveUser object has id=0, and the can_edit_view function checks the owner of the view against the id (both 0)
Fix is to only check view owner against id if view owner is >0 (ie not site page, the institution check handles that