Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[B] Non logged in visitor can view private posts #2158

Closed
dieterbaier opened this issue May 30, 2022 · 5 comments
Closed

[B] Non logged in visitor can view private posts #2158

dieterbaier opened this issue May 30, 2022 · 5 comments
Assignees
@lianglee
Labels
bug

Comments

@dieterbaier
Copy link

dieterbaier commented May 30, 2022
edited
Loading

Sorry for this issue! Maybe it works as it is supposed to work!? At least for my situation I could 'work around' with the component 'ProfAccess 2.0'. This component enabled disallows any non signed in user to view the profile of a posting user and therefore can also not see any private post. Still it's a bit funny, that private posts get filtered on the profile page as long a user is signed in but not, when a unsigned user would visit a profile...
I keep the following issue open; but feel free to close it, if the system really works, as it is supposed to work!

If a user set the privacy on a post to 'friends only', this post is supposed to be shown only to signed in users who are 'in connection' with the user. Right?

When the site is not 'private' (e.g. with the component 'Private Network') I expect, that at least the 'private' posts will not be displayed for users not signed in. Am I right?

This seams to work, if a user not signed in tries to open a post directly. BUT: if such a user follows the link to the timeline of the posting user, the not signed in user gets all post displayed. Also the private ones.

You can check it out: https://ossn.dieterbaier.eu/post/view/35 (public post; will be displayed to a not signed in visitor); https://ossn.dieterbaier.eu/post/view/34 (private post; will not be displayed on opening the link directly; but if you follow the link to the users timeline, you'll see this post, eventhough you are not signed in).
@lianglee
Copy link
Member

@dieterbaier thanks for reporting the issue can you confirm OSSN version you are running?

@lianglee
Copy link
Member

Created a friends only post on

https://demo.opensource-socialnetwork.org/post/view/42

image

Viewing the URL as non loggedin visitor getting 404 error

@lianglee
Copy link
Member

Sorry I can confirm there is some kind of bug here. Need to look deep. Steps to reproduce

[Admin or non admin user]

  1. Create a friends only wall post
  2. Logout
  3. Go to user profile
  4. You will see a friends only post

lianglee added a commit that referenced this issue May 30, 2022
@lianglee
Non loggedin should only see a public posts on user wall #2158
5b359fe
@lianglee
Copy link
Member

Fixed in OSSN 6.2 you may apply patch with above details. 5b359fe

Seems users wall section got less attention when we created post filtering for blocked users.

@lianglee lianglee changed the title Non logged in visitor can view private posts [B] Non logged in visitor can view private posts May 30, 2022
@lianglee lianglee added the bug label May 30, 2022
@lianglee lianglee self-assigned this May 30, 2022
@dieterbaier
Copy link
Author

Thanks for the fast response :-) Awesome work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lianglee lianglee

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lianglee @dieterbaier