← Back to team overview

mugle-dev team mailing list archive

  1. mugle-dev team
  2. Mailing list archive
  3. Message #00336

Re: [Bug 786685] Re: Views aren't restricted by permission

  Thread PreviousDate PreviousThread Next 
Ah ok, i'm not familiar with how the prageeth set up the permissions, but
we'll need to fix that then.

On Mon, May 23, 2011 at 11:11 AM, Matt Giuca
<786685@xxxxxxxxxxxxxxxxxx>wrote:

> Yes, I have tested it, and it allows anybody to view the game token.
>
> --
> You received this bug notification because you are a member of MUGLE
> Developers, which is a direct subscriber.
> https://bugs.launchpad.net/bugs/786685
>
> Title:
>  Views aren't restricted by permission
>
> Status in Melbourne University Game-based Learning Environment:
>  Triaged
>
> Bug description:
>  The permissions system stops you from writing anywhere you shouldn't,
>  but there don't appear to be any restrictions on what you can view.
>  Any user can go around to #!/devteam/game/+edit and see everything
>  there, including all the badges, and the game token.
>
>  Users need to be restricted from accessing certain kinds of data. Note
>  that this can't be done on the client side. The server needs to refuse
>  to give you certain objects (or refuse to fill in certain fields) if
>  you ask for them.
>
> --
> Mailing list: https://launchpad.net/~mugle-dev
> Post to     : mugle-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mugle-dev
> More help   : https://help.launchpad.net/ListHelp
>

-- 
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/786685

Title:
  Views aren't restricted by permission

Status in Melbourne University Game-based Learning Environment:
  Triaged

Bug description:
  The permissions system stops you from writing anywhere you shouldn't,
  but there don't appear to be any restrictions on what you can view.
  Any user can go around to #!/devteam/game/+edit and see everything
  there, including all the badges, and the game token.

  Users need to be restricted from accessing certain kinds of data. Note
  that this can't be done on the client side. The server needs to refuse
  to give you certain objects (or refuse to fill in certain fields) if
  you ask for them.

References

  Thread PreviousDate PreviousThread Next