Don't show protected posts to owners/instances the authors don't follow #648

Closed
amygdala opened this Issue Feb 25, 2011 · 1 comment

Projects

None yet

3 participants

@ginatrapani ginatrapani was assigned Sep 9, 2011
@ginatrapani ginatrapani added a commit that referenced this issue Oct 25, 2011
@ginatrapani ginatrapani Don't show protected posts to owners w/out permission
Users only see posts by protected users they have access to on the source network
Administrators see all posts, even protected ones collected on other users' behalf
This permission check has been implemented on the individual post page and on the replies listing
Still TODO: Update the GridController and ExportController to return PostIterators without private posts owner doesn't have access to
Partially addresses #648
7a992dd
@ginatrapani
ThinkUp LLC member

TODO: Modify PostDAO::getRepliesToPostIterator to support post-processing of result set (ie, removing protected posts the owner doesn't have access to).

@mwilkie mwilkie was assigned Oct 30, 2011
@mwilkie mwilkie pushed a commit that referenced this issue Nov 3, 2011
Mark Wilkie Update Grid Search to respect doesOwnerHaveAccessToPost()
* Update GridController and tests to verify post security for reply searches using OwnerInstanceDAO->doesOwnerHaveAccessToPost()
* Update OwnerInstanceDAO->doesOwnerHaveAccessToPost() and tests to cache query results
Closes #648
87af6b5
@ginatrapani ginatrapani added a commit that closed this issue Nov 4, 2011
Mark Wilkie Update Grid Search to respect doesOwnerHaveAccessToPost()
* Update GridController and tests to verify post security for reply searches using OwnerInstanceDAO->doesOwnerHaveAccessToPost()
* Update OwnerInstanceDAO->doesOwnerHaveAccessToPost() and tests to cache query results
Closes #648, closes #1099
b165132
@mwilkie mwilkie was unassigned by amygdala Apr 29, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment