pages/siteimagesowner shouldn't be accessible when not logged in #13
When logged out a visitor will only see the images/albums that have "public" access level. This is the same for other types of content, too, e.g. a user's public blogs. So, a user's blogs, files etc. pages are also accessible when logged out. So I wonder why it should be different for images of a user of Tidypics. Of course, the "Upload" button shouldn't be displayed when logged out. It seems I've forgotten to remove it from this page. But I see a user's name on the page also when logged out and not just "'s photos". May I ask which version of Tidypics you are currently using?
Typically a logged-out user has no way of reaching photos/siteimagesowner. In my case I was logged in while viewing that page (via the 'Mine' tab) in a browser tab. In another browser tab I logged out, and then I went back to the siteimagesowner browser tab and either refreshed or hit enter in the URI bar. Admittedly, it's probably not a common scenario. Agreed that the 'Upload photos' button shouldn't be there, but I'm confused -- which user's name did you see on that page when logged out? To me, "'s photos" (while unsightly) at least has a plausible explanation -- the code appended "'s photos" to the logged-in user's name, but there was no logged-in user. We're using version 2014111701.
I think I've got it now. I had tested it by going to a profile page first and followed the "Photos" link from there. In this case you get this user's photos (including username) displayed correctly because the user's GUID is known. If you are logged in the fallback is to use the logged-in user's GUID but currently the case of a missing GUID (when logged-out and directly calling siteimageowner) is not correctly handled indeed. Most likely all public photos are displayed instead even. I'll include this issue in my list of tasks. Though I might be able to work on Tidypics again not before the beginning of next year after holiday season.
Fixed by commit fec406d which will be included in version 1.9.5.
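The owner-GUID fallback discussed in this thread, modelled as a stand-alone PHP sketch. This is an added example, not Tidypics code and not the change made in the commit above; every function name and the sample data are hypothetical, and it assumes that an owner GUID of 0 acts as "no owner filter" in the listing query.

```php
<?php
// Constructed sample data: photos with an owner GUID and an access level.
const PHOTOS = [
    ['guid' => 101, 'owner_guid' => 42, 'access' => 'public'],
    ['guid' => 102, 'owner_guid' => 42, 'access' => 'private'],
    ['guid' => 103, 'owner_guid' => 77, 'access' => 'public'],
];

// Hypothetical listing helper: photos the viewer may see, optionally limited
// to one owner. Owner GUID 0 means "no owner filter" (assumption of this model).
function list_photos(int $owner_guid, int $viewer_guid): array {
    return array_values(array_filter(PHOTOS, function ($p) use ($owner_guid, $viewer_guid) {
        $visible = $p['access'] === 'public' || $p['owner_guid'] === $viewer_guid;
        return $visible && ($owner_guid === 0 || $p['owner_guid'] === $owner_guid);
    }));
}

// Behaviour described in the thread: GUID from the URL, else the logged-in
// user's GUID. When logged out with no GUID in the URL, the owner stays 0.
function owner_page_unchecked(?int $url_guid, int $viewer_guid): array {
    $owner_guid = $url_guid ?? $viewer_guid;
    return list_photos($owner_guid, $viewer_guid);
}

// Missing-GUID case handled: without a resolvable owner there is no owner
// page to render, so the caller can redirect to login or answer "not found".
function owner_page_checked(?int $url_guid, int $viewer_guid): ?array {
    $owner_guid = $url_guid ?? $viewer_guid;
    if ($owner_guid <= 0) {
        return null;
    }
    return list_photos($owner_guid, $viewer_guid);
}

// Logged out (viewer GUID 0), page called directly without a GUID:
var_dump(owner_page_unchecked(null, 0)); // public photos of every owner
var_dump(owner_page_checked(null, 0));   // request rejected
// Logged out, GUID supplied by a profile link: that owner's public photos only.
var_dump(owner_page_checked(42, 0));
```

The access-level check stays in place in both variants, which matches the first comment: nothing private leaks, but the unchecked page stops being scoped to one owner and has no name to put in front of "'s photos".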
See screenshot re: "'s photos":