View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 4822 | Composr | galleries | public | 2022-01-31 03:51 | 2022-01-31 03:52 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Priority | high | Severity | minor | ||
| Status | resolved | Resolution | fixed | ||
| Product Version | 10.0.41 | ||||
| Fixed in Version | 10.0.42 | ||||
| Summary | 4822: Gallery narrow-in functionality should check permissions | ||||
| Description | If the galleries are configured with narrow-in enabled (or equivalent Selectcode is given to the main_gallery_embed block) then: 1) We should check category permissions for whatever galleries descendant entries are in. Most webmasters would assume that gallery media thumbnails would not be visible if that gallery media is in a gallery without access to the current user. While this is not made explicit (so I am not filing this as a security issue), it is the right UX choice. 2) We must disable cacheing on the block, as member-level privileges may be involved. If narrow-in is *not* being used we do not need to check permissions as the block may assume by its use by the webmaster that permission to see the output is granted within context. | ||||
| Tags | No tags attached. | ||||
| Attach Tags | |||||
| Attached Files | |||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
| related to | 4765 | Resolved | Chris Graham | Gallery items set as Members only outputs thumbnails for Guests |
|
|
Fixed in git commit 736637667 (https://gitlab.com/composr-foundation/composr/commit/736637667 - link will become active once code pushed to GitLab) A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-01-31 03:52 | Chris Graham | Relationship added | related to 4765 |
| 2022-01-31 03:52 | Chris Graham | Summary | Gallery narrow-in functionality should check privileges => Gallery narrow-in functionality should check permissions |
| 2022-01-31 03:52 | Chris Graham | Description Updated |
