User should not be able to set a parent for non-subscribed group

Amitaibu - November 9, 2007 - 18:27
Project: Subgroups for Organic groups
Version: 5.x-3.0-dev
Component: Code
Category: bug report
Priority: critical
Assigned: ezra-g
Status: closed
Description

Example:
I have 2 groups, A and B.
User is subscribed to group A.
User adds a sub-group, but in the Add form he's allowed to set the parent as group B.

This is an access violation, as some groups are moderated and don't allow editing them.

In my opinion, groups that the user is not subscribed to shouldn't appear in the parents list.

#1

ezra-g - February 25, 2008 - 22:16
Version: 5.x-2.0 » 5.x-3.0-dev
Priority: normal » critical
Assigned to: Anonymous » ezra-g

This will be fixed shortly.

#2

ezra-g - February 25, 2008 - 22:56
Status: active » fixed

Fixed in 5.x-3.0 with commit # 103133. Thanks to Amitaibu for pointing this out.

Attached is a patch detailing the changes I made.

Attachment: 190837-security.patch (12.61 KB)

#3

Anonymous (not verified) - March 10, 2008 - 23:57
Status: fixed » closed

Automatically closed -- issue fixed for two weeks with no activity.
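
The check this issue asks for, as an added example (not the module's code and not the contents of the attached patch): the parent list is built only from the user's subscriptions, and the submitted parent is checked against that same list on the server. It is plain PHP 7.1+ with no Drupal API calls; the function names, user id and group ids are hypothetical, and the data is constructed from the A/B scenario in the description.

```php
<?php
// Constructed sample data: group id => title, and user id => ids of the
// groups that user is subscribed to. User 10 is subscribed to group A only.
$groups = [1 => 'Group A', 2 => 'Group B'];
$subscriptions = [10 => [1]];

/**
 * Hypothetical helper: parent choices offered on the "add sub-group" form.
 * Only groups the user is subscribed to are listed.
 */
function allowed_parent_options(int $uid, array $groups, array $subscriptions): array {
  $mine = array_flip($subscriptions[$uid] ?? []);
  return array_intersect_key($groups, $mine);
}

/**
 * Hypothetical helper: server-side check of the submitted parent id.
 * Returns an error message, or null when the choice is acceptable.
 * The submitted value is checked again here because the server cannot
 * assume it is one of the options the form displayed.
 */
function validate_parent(int $uid, $submitted, array $groups, array $subscriptions): ?string {
  if ($submitted === '' || $submitted === null) {
    return null; // No parent chosen: the new group is top-level.
  }
  if (!(is_int($submitted) || is_string($submitted)) || !ctype_digit((string) $submitted)) {
    return 'Parent group id is not a valid number.';
  }
  $allowed = allowed_parent_options($uid, $groups, $subscriptions);
  if (!array_key_exists((int) $submitted, $allowed)) {
    return 'You are not subscribed to the selected parent group.';
  }
  return null;
}

// Group B is absent from the options offered to user 10.
echo json_encode(allowed_parent_options(10, $groups, $subscriptions)), "\n";

// Group A is accepted; group B and a malformed value are rejected.
foreach (['1', '2', ['2']] as $submitted) {
  $error = validate_parent(10, $submitted, $groups, $subscriptions);
  echo json_encode($submitted), ' => ', $error ?? 'ok', "\n";
}
```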

 
 
