Logged out users get shown edit this page option
Bug #778240 reported by
Hugh Davenport
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
Low
|
Hugh Davenport | ||
Bug Description
When a logged out user visits a public site page, they get an edit this page option
When they visit a public page that was made by a user (ie not a site page), then they do NOT get the edit option
This happens with and without microheaders
I would suggest not showing the edit option for any public user.
Cheers,
Hugh
Revision history for this message
| Hugh Davenport (hugh-davenport) wrote | #1 |
Revision history for this message
| Hugh Davenport (hugh-davenport) wrote | #2 |
| Changed in mahara: | |
| assignee: | nobody → Hugh Davenport (hugh-catalyst) |
| status: | New → In Progress |
Revision history for this message
| Hugh Davenport (hugh-davenport) wrote | #3 |
Revision history for this message
| Hugh Davenport (hugh-davenport) wrote | #4 |
| Changed in mahara: | |
| status: | In Progress → Fix Committed |
| Changed in mahara: | |
| milestone: | none → 1.4.0 |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
| importance: | Undecided → Low |
To post a comment you must log in.
This is because the LiveUser object has id=0, and the can_edit_view function checks the owner of the view against the id (both 0)
Fix is to only check view owner against id if view owner is >0 (ie not site page, the institution check handles that