Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(donor): user which as same id as donor can see donor history #3333

Closed
3 tasks done
ravinderk opened this issue Jun 7, 2018 · 2 comments
Closed
3 tasks done

fix(donor): user which as same id as donor can see donor history #3333

ravinderk opened this issue Jun 7, 2018 · 2 comments
Assignees
@ravinderk @raftaar1191
Milestone
Sprint: 2018/06/0...

Comments

@ravinderk
Copy link
Collaborator

ravinderk commented Jun 7, 2018
edited

User Story

As a donor, I want do not want anyone to access my history.

Matt Research:

So, after going through all of that I finally found what is most likely the problem. 

1) User A's User ID is 123, and he has NO Donor account, and he sees Donor A's donations. Donor A has NO user account and his Donor ID is 123. 

2) User B's User ID is 124, and he has NO Donor account. He seesDonor B's Donor history and Donor B's Donor ID is 124.

So the glitch is that WordPress users who have NO Donor account see the Donation History of the Donor that has the same User ID number (if that User ID exists). That is something that I could most likely replicate and we can get a fix out for that because that is definitely not the intended behavior at all.

Support Ticket:
https://secure.helpscout.net/conversation/573289770/17833/
https://wordpress.org/support/topic/registered-donors-name-is-not-showing-in-the-admin-panel-for-particular-donation/ (look similar)

Current Behavior

If the user has the same id as a donor can see donor's donations on the history page.

Expected Behavior

Only donor or connect user has access to donation history

Tasks

  • Reproduce
  • Fix
  • Test
@raftaar1191
Copy link
Contributor

Slack Chat link: https://givewp.slack.com/archives/C0FAGC83C/p1528350455000045

Slack Chat link: https://givewp.slack.com/files/U1DDJMUTV/FB36TC9U2/give_issues_3333.txt

ravinderk added a commit that referenced this issue Jun 7, 2018
@ravinderk
fix(donor): search for donor before get donation on basis of user
124e907 
ref #3333
@raftaar1191
Copy link
Contributor

Testing Summary for the issue: https://givewp.slack.com/archives/C0FAGC83C/p1528356149000430

@ravinderk ravinderk self-assigned this Jun 7, 2018
@samsmith89 samsmith89 mentioned this issue Aug 29, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ravinderk ravinderk

@raftaar1191 raftaar1191

Labels
None yet
Projects
None yet
Milestone
Sprint: 2018/06/06 - 2018/06/26
Development

No branches or pull requests
2 participants
@ravinderk @raftaar1191