When Hide Private Forums? is off users can view forum lastpost for forums where can view threads but not forum
#4097
Assignees
Labels
b:1.8
Branch: 1.8.x
s:resolved
Status: Resolved. Solution implemented or scheduled
t:bug
Type: Bug. An issue causing error / flaw / malfunction
Milestone
Comments
JordanMussi
added
b:1.8
JordanMussi
changed the title
Hide Private Forums? is off users can view forum lastpost for forums where can view threads but not forum
JordanMussi
added a commit
to JordanMussi/MyBB
that referenced
this issue
Jun 28, 2020
…um lastpost for forums where can view threads but not forum Also ensures information about new posts is not leaked by always displaying "off" indicators if hiding the forum/lastpost info.
JordanMussi
added
s:review-needed
|
So we are going with "Can view forum?" > "Can view threads within forum?", is this correct? |
|
That's already the case, if you cannot view a forum you cannot view the threads even if can view threads is enabled for that forum. |
euantorano
pushed a commit
that referenced
this issue
Nov 15, 2020
…astpost for forums where can view threads but not forum (#4098) Also ensures information about new posts is not leaked by always displaying "off" indicators if hiding the forum/lastpost info.
euantorano
added
s:resolved
lairdshaw
pushed a commit
to lairdshaw/mybb
that referenced
this issue
Oct 11, 2021
…um lastpost for forums where can view threads but not forum (mybb#4098) [Rebased for 1.9 by Laird] Also ensures information about new posts is not leaked by always displaying "off" indicators if hiding the forum/lastpost info.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems that some threads/posts info (threads no., posts no., last post) will leak when forum permissions "Can view forum?" & "Can view threads within forum?" are set to No and Yes respectively.
Note: "Hide Private Forums?" is set to No.
For a user in only one usergroup and set this usergroup's permission for a specific forum as follows:
"Can view forum?" - Yes
"Can view threads within forum?" - Yes
.. will result that the user:can see all the forum's info listed in index/forumdisplay (threads no., posts no., last post)
can enter the forum
can access/read threads in the forum
With both set to No, the result is three can'ts
"Can view forum?" - yes
"Can view threads within forum?" - no
.. will result that the user:can't see any the forum's info listed in index/forumdisplay (no threads no., no posts no., and no last post)
can enter the forum
can't see the thread list (Sorry, but you do not have permission to view threads in this forum.)
can't access/read threads in the forum (You do not have permission to access this page. This could be because of one of the following reasons:)
"Can view forum?" - no
"Can view threads within forum?" - Yes
.. will result that the user:can see all the forum's info listed in index/forumdisplay (threads no., posts no., last post)
can't enter the forum (You do not have permission to access this page. This could be because of one of the following reasons:)
can't access/read threads in the forum (You do not have permission to access this page. This could be because of one of the following reasons:)
Original thread: Question about Can view forum? & Can view threads within forum?
The text was updated successfully, but these errors were encountered: