Mantis Bug Tracker

View Issue Details
ID: 0000466
Project: Forum
Category: General
View Status: public
Last Update: 2008-09-25 15:38
Reporter: administrator
Assigned To: administrator
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 0.6.7
Target Version: 0.6.8
Fixed in Version: 0.6.8
Summary: 0000466: Review can_read function
Description: tuning and security review
Tags: No tags attached.
Attached Files:

- Relationships
child of 0000465 (resolved, administrator): Review forum_functions code

-  Notes
~0001172
administrator (administrator)


I have removed 2 useless statements and replaced another one by a call to an existing function
~0001173
administrator (administrator)


I have also reviewed the security check order

Now it works this way:

- Check if the forum is public
- If not public, check if the current user is a super admin
- If not, check if the current user is a moderator that can read the forum
- If not, check if the current user can read the forum
- Return false
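
The check order from note ~0001173, written out as an added example that is not the project's own code. Only the can_read name and the order of the checks come from the page; the User and Forum models, their field names, the per-forum reading of "moderator that can read the forum", and the read_decision helper are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class User:
    # Hypothetical user model; field names are assumptions, not the project's schema.
    name: str
    is_super_admin: bool = False


@dataclass
class Forum:
    # Hypothetical forum model with per-forum moderator and reader lists.
    name: str
    is_public: bool = False
    moderators: Set[str] = field(default_factory=set)
    readers: Set[str] = field(default_factory=set)


def read_decision(forum: Forum, user: Optional[User]) -> Tuple[bool, str]:
    """Return (allowed, rule) following the check order from the note."""
    # 1. Public forums are readable by everyone, including anonymous visitors.
    if forum.is_public:
        return True, "public"
    # Every remaining rule needs an identity, so an anonymous visitor stops here
    # instead of raising on a missing user object.
    if user is None:
        return False, "default-deny"
    # 2. Super admin.
    if user.is_super_admin:
        return True, "super-admin"
    # 3. Moderator of this particular forum, not of just any forum.
    if user.name in forum.moderators:
        return True, "moderator"
    # 4. Explicit read permission on this forum.
    if user.name in forum.readers:
        return True, "reader"
    # 5. Nothing matched: fall through to deny.
    return False, "default-deny"


def can_read(forum: Forum, user: Optional[User]) -> bool:
    # Boolean wrapper; the rule name from read_decision is useful for audit logs.
    return read_decision(forum, user)[0]
```

Returning the matching rule alongside the boolean makes it possible to test each step of the order separately and to log why access was granted.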

- Issue History
Date Modified Username Field Change
2008-09-25 15:13 administrator New Issue
2008-09-25 15:13 administrator Status new => assigned
2008-09-25 15:13 administrator Assigned To => administrator
2008-09-25 15:13 administrator Relationship added child of 0000465
2008-09-25 15:21 administrator Note Added: 0001172
2008-09-25 15:21 administrator Status assigned => resolved
2008-09-25 15:21 administrator Fixed in Version => 0.6.8
2008-09-25 15:21 administrator Resolution open => fixed
2008-09-25 15:37 administrator Note Added: 0001173
2008-09-25 15:38 administrator Issue cloned 0000467