Posted by jredding on November 30, 2008 at 4:56pm
Jump to:
| Project: | User Points Top Contributors |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | jredding |
| Status: | closed (fixed) |
Issue Summary
Userpoints has two permissions; userpoints_perm_view and userpoints_perm_view_own (added in November, 2008). The hook_user doesn't check for either of these thus displaying the user's points regarding of the viewing user's permissions.
The attached patch corrects this thus requiring the viewer to have the "view userpoints" permission to see points for all users or the "view own userpoints" to see their userpoints.
This patch has not been tested.
| Attachment | Size |
|---|---|
| up_top_contrib_check_perms_hook_user.patch | 2.19 KB |
Comments
#1
Committed to dev.
#2
Automatically closed -- issue fixed for 2 weeks with no activity.