#4822 - Gallery narrow-in functionality should check permissions
-
By Chris Graham
- Added
- 3 views
| Identifier | #4822 |
|---|---|
| Issue type | Minor issue (breaks specific functionality) |
| Title | Gallery narrow-in functionality should check permissions |
| Status | Completed |
| Handling member | Chris Graham |
| Version | 10.0.41 |
| Addon | galleries |
| Description | If the galleries are configured with narrow-in enabled (or equivalent Selectcode is given to the main_gallery_embed block) then:
1) We should check category permissions for whatever galleries descendant entries are in. Most webmasters would assume that gallery media thumbnails would not be visible if that gallery media is in a gallery without access to the current user. While this is not made explicit (so I am not filing this as a security issue), it is the right UX choice. 2) We must disable cacheing on the block, as member-level privileges may be involved. If narrow-in is *not* being used we do not need to check permissions as the block may assume by its use by the webmaster that permission to see the output is granted within context. |
| Steps to reproduce | |
| Related to | #4765 - Gallery items set as Members only outputs thumbnails for Guests |
| Funded? | No |
| Commits |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet