← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #57139

[Bug 1851557] Re: Members from other institution can be seen when sharing portfolios despite isolated institutions

  Thread PreviousDate PreviousThread Next 
Scenario 5: When "See own groups only" is turned on along isolated
institutions, regular users should only be able to invite people who are
also in at least one of the groups they are in. Institution admins and
staff can see everyone in their institution.

To replicate scenario 5:

1. Allow isolated institutions in the config.php.
2. In Admin menu -> Configure site -> Site options -> Group settings -> Turn on "See own groups only".
3. In In Admin menu -> Configure site -> Site options -> Group settings -> Allow everyone to create a group.
4. Set up 2 institutions with 4 people each.
5. Put two group members from one institution into the same group, and 1 each into a separate group.
6. Log in as a normal institution member and create an open group.
7. Click the "Members" tab and invite people.
Expected result: You only see the one person who is already in a group with you, but nobody else.
Actual result: You see everyone in your institution (but not people from other institutions, which is correct).

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1851557

Title:
  Members from other institution can be seen when sharing portfolios
  despite isolated institutions

Status in Mahara:
  In Progress
Status in Mahara 19.04 series:
  Confirmed
Status in Mahara 19.10 series:
  Confirmed
Status in Mahara 20.04 series:
  In Progress

Bug description:
  When you have isolated institutions turned on and a minimum of two
  institutions, you can see people from another institution when you
  share your portfolio page though you should not be allowed to see
  them. This will also need to be checked for when "See own groups only"
  is turned on as that restricts the sharing even more.

  Similarly, when a person searches for groups, they should only see
  groups that are associated with their institution or that they are in
  if "See own groups only" is turned on.

  
  To replicate scenario 1:

  1. Allow isolated institutions in the config.php.
  2. Set up 2 institutions with 3 people each.
  3. Put two group members from the same institution into a group each.
  4. Log in as a normal institution member and create a page.
  5. Share that page and select "Search for... user".
  Expected result: You only see the 2 other people from your own institution.
  Actual result: You can share your page with everyone.

  To test scenario 2:

  1. Allow isolated institutions in the config.php.
  2. In Admin menu -> Configure site -> Site options -> group settings.
  3. Set up 2 institutions with 3 people each.
  4. Put two group members from the same institution into a group each.
  5. Log in as a normal institution member and create a page.
  6. Share that page and select "Search for... user".
  Expected result: You only see the one other person from your institution who's in the same group as the person you are currently logged in.

  To replicate scenario 3:

  1. Allow isolated institutions in the config.php.
  2. In Admin menu -> Configure site -> Site options -> group settings.
  3. Set up 2 institutions with 3 people each.
  4. Put two group members from the same institution into a group each.
  5. Set up 2 additional groups in each institution as site admin.
  6. Log in as a normal institution member and create a page.
  7. Share that page and select "Search for... groups".
  Expected result: You only see the 1 group in which you are a member.

  To replicate scenario 4:

  1. Allow isolated institutions in the config.php.
  2. Set up 2 institutions with 3 people each.
  3. Put two group members from the same institution into a group each.
  4. Set up 2 additional groups in each institution as site admin.
  5. Log in as a normal institution member and create a page.
  6. Share that page and select "Search for... groups".
  Expected result: You only see the 3 groups that were created in your own institution.
  Actual result: You can see all groups listed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1851557/+subscriptions

References

  Thread PreviousDate PreviousThread Next