Comment views don't fully enforce node access [#1407230]

Posted by ezra-g on January 16, 2012 at 10:41pm

3 followers

Issue Summary

Views such as "Latest blog post comments" don't fully enforce the node access system and display the titles of comments and paths of nodes to which the user does not have access, such as nodes in a private group.

These views check that nodes are published and that the user has the "access comments" permission, but not more general node access (such as OG node access control).

Attachment	Size
commons-comments-node-access.patch	56.07 KB

Comments

#1

Posted by laurentc on January 16, 2012 at 11:23pm

Status:

needs review

» reviewed & tested by the community

Reviewed and tested.
Thanks for the patch

#2

Posted by ezra-g on January 17, 2012 at 12:50am

Status:

reviewed & tested by the community

» fixed

Thanks for the review. This is committed: http://drupalcode.org/project/commons.git/commit/32b4c4f

#3

Posted by System Message on January 31, 2012 at 12:50am

Status:

fixed

» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Project:	Drupal Commons
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	Unassigned
Status:	closed (fixed)

Comment views don't fully enforce node access

Jump to:

Issue Summary

Comments

#1

#2

#3