Discussions Module - Donwloads - View permissions | Minor Priority Bug
Closed this issue · 8 comments
Hello,
after creating a posting with and uploaded image embedded,
- the author CAN view the image
- admin cannot view image
- guest cannot view image
- member
did not test yet(will do it soon) Edit: Tested member impersonated from admin cannot view the image
The error displayed if visiting the image link while not beeing the author is `Ooops... you take the wrong route!"
'Humhub version' => '1.15.0',
The PHP is 8.2.13
MariaDB is 10.3.39
...sorry forgotton, an additional error is displayed:
Insufficient rights!
`
...sorry forgotton, an additional error is displayed:
Insufficient rights!
`
I'll look into this right now.
Can you check your file permissions for /upload/*
to make sure that it's viewable.
I just made uploads read and writable again.
Mh. This is strange. I did just some additional failed test posts with images.
BUT: Now Admin/User CAN see the images of each other COMMENTS, this works.
Guests cannot view them.
I deleted some of my test postings now (do not want to flood my users with notifications about test content), not quite sure next I will try more different(!) images, maybe it depends on the image/type itself?
I tried 3 or 4 different images in more than 10 testpostings, does it matter if the same file already exists in the uploads (uploaded twice)?
I just made uploads read and writable again.
Mh. This is strange. I did just some additional failed test posts with images.
BUT: Now Admin/User CAN see the images of each other COMMENTS, this works.
Guests cannot view them.I deleted some of my test postings now (do not want to flood my users with notifications about test content), not quite sure next I will try more different(!) images, maybe it depends on the image/type itself?
I tried 3 or 4 different images in more than 10 testpostings, does it matter if the same file already exists in the uploads (uploaded twice)?
I believe by default we disabled guest view for the TopMenu
currently with this in the Module.php file;
if (Yii::$app->user->isGuest) {
return;
}
We did this till we add the guest view back in the next release, this also introduces pagination back into the module as well.
So, we can close this issue here!?
I will wait for the next release, no problem.
Yes, we can close this issue.