Opened 6 years ago

Closed 6 years ago

#1662 closed bug (fixed)

banned profiles are still visible for all members

Reported by: globetrotter_tt Owned by: mahouni
Priority: critical Milestone: 0.8
Component: BW Profile Keywords: profile
Cc: planetcruiser, jeanyves, fake51

Description

Issue:

Profiles with the status "banned" are still visible for all members. If i remember right they should be only visible for admins with "safety team" rights.

Change History (10)

comment:1 Changed 6 years ago by planetcruiser

  • Milestone changed from unassigned to 0.8

i'd say this is pretty urgent

comment:2 Changed 6 years ago by globetrotter_tt

This ticket has still no owner. Should we move it to a later milestone?

comment:3 Changed 6 years ago by crumbking

yes let's move it to the milestone after osm.

comment:4 Changed 6 years ago by mahouni

  • Owner set to mahouni
  • Status changed from new to assigned

I had a look at that ticket today. I will try to fix it, but I am not yet sure if I'll manage to get there. Let's keep it in the milestone for now and I will give you an update in the next three days, so we can decide if it has to move to a later milestone.

comment:5 Changed 6 years ago by mahouni

pushed to develop, ready for testing.

Banned profiles are not visible anymore. Volunteers with old_right "Admin" or "SafetyTeam?" can still browse banned profiles.

Please test locally before deploying to alpha, as this is more "security" related than other stuff. I haven't managed to ban a member, so I had to change the status of a test profile directly in the database with sth like this:

UPDATE members SET Status = 'Banned' where Username = 'admin';)

think before c&p... user admin and hkroger are the profiles with admin rights on the testdatabase

Last edited 6 years ago by mahouni (previous) (diff)

comment:6 Changed 6 years ago by mahouni

Also check with someone who should know it, if these two rights are the ones we need here. There is a db table called "rights", where the available rights can be found. No idea which rights are actually used. There is also a newer concept, the "Role"-entity with the Role Sysadmin as an option.

comment:7 Changed 6 years ago by crumbking

  • Cc fake51 added

@jeanyves, fake51

Could you guys give some input regarding the rights? As far as I remember you guys should know it.

@mahouni I will test locally next days...

comment:8 Changed 6 years ago by crumbking

Okay tested.

Banned member is not visible for members/nonmembers anymore...

.. and still visible for the safety team and the admins

Should work!

Maybe someone with relevant rights should check on alpha as well.

comment:9 Changed 6 years ago by globetrotter_tt

crumbking and me tested it on alpha. banned profiles not visible for him, but visible for me (safety team).

comment:10 Changed 6 years ago by globetrotter_tt

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.