Discussions Module - Donwloads - View permissions | Minor Priority Bug

Question

Discussions Module - Donwloads - View permissions | Minor Priority Bug

Closed this issue 9 months ago · 8 comments

wehowski commented 9 months ago

Hello,
after creating a posting with and uploaded image embedded,

the author CAN view the image
admin cannot view image
guest cannot view image
member ~~did not test yet~~ (will do it soon) Edit: Tested member impersonated from admin cannot view the image

The error displayed if visiting the image link while not beeing the author is `Ooops... you take the wrong route!"

'Humhub version' => '1.15.0',
The PHP is 8.2.13
MariaDB is 10.3.39

Answer 1 · 2023-12-07T22:41:21.000Z

...sorry forgotton, an additional error is displayed:
Insufficient rights!
`

Answer 2 · 2023-12-08T12:52:34.000Z

...sorry forgotton, an additional error is displayed: Insufficient rights! `

I'll look into this right now.

Answer 3 · 2023-12-08T13:01:05.000Z

After looking into this, I'm not able to reproduce this, the only issue that I see is that uploaded images don't resize correctly. 🤔

Impersonated User

Admin User

Answer 4 · 2023-12-08T13:28:55.000Z

Can you check your file permissions for /upload/* to make sure that it's viewable.

Answer 5 · 2023-12-08T13:54:10.000Z

I just made uploads read and writable again.

Mh. This is strange. I did just some additional failed test posts with images.
BUT: Now Admin/User CAN see the images of each other COMMENTS, this works.
Guests cannot view them.

I deleted some of my test postings now (do not want to flood my users with notifications about test content), not quite sure next I will try more different(!) images, maybe it depends on the image/type itself?
I tried 3 or 4 different images in more than 10 testpostings, does it matter if the same file already exists in the uploads (uploaded twice)?

Answer 6 · 2023-12-08T14:57:22.000Z

I just made uploads read and writable again.

Mh. This is strange. I did just some additional failed test posts with images.
BUT: Now Admin/User CAN see the images of each other COMMENTS, this works.
Guests cannot view them.

I deleted some of my test postings now (do not want to flood my users with notifications about test content), not quite sure next I will try more different(!) images, maybe it depends on the image/type itself?
I tried 3 or 4 different images in more than 10 testpostings, does it matter if the same file already exists in the uploads (uploaded twice)?

I believe by default we disabled guest view for the TopMenu currently with this in the Module.php file;

        if (Yii::$app->user->isGuest) {
            return;
        }

We did this till we add the guest view back in the next release, this also introduces pagination back into the module as well.

Answer 7 · 2023-12-08T15:08:13.000Z

So, we can close this issue here!?
I will wait for the next release, no problem.

Answer 8 · 2023-12-08T15:38:10.000Z

Yes, we can close this issue.