mahara-contributors team mailing list archive

Thread
Date

[Bug 1310861] [NEW] marking page objectionable now allows feedback

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Tue, 22 Apr 2014 01:17:46 -0000
Reply-to: Bug 1310861 <1310861@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

If user A:
- creates a page
- turns off feedback/comments
- shares it with logged in users

And User B comes along and marks it as objectionable

The ability to leave comments is activated and so now user C, D, and E
can all leave comments.

This is all due to the view_access table getting updated with
'allowcomments' column set to a hardcoded 1 rather than respecting the
settings of the view.

I could imagine that an Admin user, who has the permissions to update a
page as 'not objectionable' may also want the ability to leave a comment
as well.

But I believe for all other users they should not be allowed to leave a
comment.

So we either need to respect the allow comment setting for the page when saving the view_access 'objectionable' row,
 or get it so that if the only allowcomments  value set to 1 is on the accesstype 'objectionable' for the page then only allow certain users (admins) to be allowed to leave a comment.

** Affects: mahara
     Importance: High
         Status: Confirmed

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1310861

Title:
  marking page objectionable now allows feedback

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  If user A:
  - creates a page
  - turns off feedback/comments
  - shares it with logged in users

  And User B comes along and marks it as objectionable

  The ability to leave comments is activated and so now user C, D, and E
  can all leave comments.

  This is all due to the view_access table getting updated with
  'allowcomments' column set to a hardcoded 1 rather than respecting the
  settings of the view.

  I could imagine that an Admin user, who has the permissions to update
  a page as 'not objectionable' may also want the ability to leave a
  comment as well.

  But I believe for all other users they should not be allowed to leave
  a comment.

  So we either need to respect the allow comment setting for the page when saving the view_access 'objectionable' row,
   or get it so that if the only allowcomments  value set to 1 is on the accesstype 'objectionable' for the page then only allow certain users (admins) to be allowed to leave a comment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1310861/+subscriptions

Follow ups

[Bug 1310861] Re: marking page objectionable now allows feedback
From: Aaron Wells, 2014-10-21
[Bug 1310861] Re: marking page objectionable now allows feedback
From: Nigel Cunningham, 2014-07-11
[Bug 1310861] A change has been merged
From: Mahara Bot, 2014-05-05
[Bug 1310861] Re: marking page objectionable now allows feedback
From: Robert Lyon, 2014-04-22
[Bug 1310861] A patch has been submitted for review
From: Mahara Bot, 2014-04-22
[Bug 1310861] Re: marking page objectionable now allows feedback
From: Aaron Wells, 2014-04-22
[Bug 1310861] [NEW] marking page objectionable now allows feedback
From: Robert Lyon, 2014-04-22

References

[Bug 1310861] [NEW] marking page objectionable now allows feedback
From: Robert Lyon, 2014-04-22