mahara-contributors team mailing list archive

[Robert Lyon <robertl@xxxxxxxxxxxxxxx>]

Public bug reported:

Currently it only checks if you can see the page

But if you give it block/artefact values you shouldn't see you get
content back

We need to do the following checks
1) can user see the page? if so
2) is the block on the page? if so
3) can the user see the block content? (a peer might not be able to) if so
4) is the artefact part of the block?

Only then can we show the content in the modal

** Affects: mahara
     Importance: High
         Status: Confirmed

** Changed in: mahara
       Status: New => Confirmed

** Changed in: mahara
   Importance: Undecided => High

** Changed in: mahara
    Milestone: None => 19.10.0

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1849395

Title:
  Need to lock down the view/viewblocks.json.php response more

Status in Mahara:
  Confirmed

Bug description:
  Currently it only checks if you can see the page

  But if you give it block/artefact values you shouldn't see you get
  content back

  We need to do the following checks
  1) can user see the page? if so
  2) is the block on the page? if so
  3) can the user see the block content? (a peer might not be able to) if so
  4) is the artefact part of the block?

  Only then can we show the content in the modal

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1849395/+subscriptions