mahara-contributors team mailing list archive

[Aaron Wells <1262040@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

While discussing the export to ZIP bug ( Bug 1013022 ) I realized that
$USER->can_view_artefact() does not do what I thought it did. I thought
that it was like can_view_view(), i.e. it was an easy way to tell
whether a particular user is allowed to see the contents of a particular
artefact.

But it does not mean that, as evidenced by the fact that it's not
accessed at all on the artefact detail page, view/artefact.php. Instead,
this function refers to whether or not the user should be able to see
the artefact in their own or a group's Content area.

The reason it exists and has this name, is because of the group files
permissions system (see
http://manual.mahara.org/en/1.8/groups/inside_group.html#index-16 ).
This defines three permission levels for a file: "View" lets you see the
page in Contents and use it in Group pages, "Edit" lets you change the
file's metadata, and "Publish" lets you use the file in your own
Portfolio pages.

Anyway, I misunderstood it as doing the same thing as can_view_view(),
which checks whether a particular user can see a particular Page in
display-mode. The similar functionality for artefacts, as seen on
view/artefact.php, is to provide an artefact ID & a page ID, and to
check whether the artefact is in the page and the user can view the
page.

** Affects: mahara
     Importance: High
         Status: Confirmed

** Affects: mahara/1.6
     Importance: High
         Status: Confirmed

** Affects: mahara/1.7
     Importance: High
         Status: Confirmed

** Affects: mahara/1.8
     Importance: High
         Status: Confirmed

** Affects: mahara/1.9
     Importance: High
         Status: Confirmed

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1262040

Title:
  I've been misusing $USER->can_view_artefact()

Status in Mahara ePortfolio:
  Confirmed
Status in Mahara 1.6 series:
  Confirmed
Status in Mahara 1.7 series:
  Confirmed
Status in Mahara 1.8 series:
  Confirmed
Status in Mahara 1.9 series:
  Confirmed

Bug description:
  While discussing the export to ZIP bug ( Bug 1013022 ) I realized that
  $USER->can_view_artefact() does not do what I thought it did. I
  thought that it was like can_view_view(), i.e. it was an easy way to
  tell whether a particular user is allowed to see the contents of a
  particular artefact.

  But it does not mean that, as evidenced by the fact that it's not
  accessed at all on the artefact detail page, view/artefact.php.
  Instead, this function refers to whether or not the user should be
  able to see the artefact in their own or a group's Content area.

  The reason it exists and has this name, is because of the group files
  permissions system (see
  http://manual.mahara.org/en/1.8/groups/inside_group.html#index-16 ).
  This defines three permission levels for a file: "View" lets you see
  the page in Contents and use it in Group pages, "Edit" lets you change
  the file's metadata, and "Publish" lets you use the file in your own
  Portfolio pages.

  Anyway, I misunderstood it as doing the same thing as can_view_view(),
  which checks whether a particular user can see a particular Page in
  display-mode. The similar functionality for artefacts, as seen on
  view/artefact.php, is to provide an artefact ID & a page ID, and to
  check whether the artefact is in the page and the user can view the
  page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1262040/+subscriptions