DjangoBB

Django based forum engine

#1 Aug. 7, 2010 17:07:00

Mokona
Registered: 2010-07-29
Posts: 11

Seeing unauthorized topics

Hi,

When doing searches, a user can see topics that it is not supposed to see, because it is not in the group that the category of the topic belongs to.

For example, the search of unanswered topics is: topics = Topic.objects.filter(post_count=1)

So all the unanswered topics are seen, even if the category of the topic is "private" considering the current user (or guest).

To quickly fix that, I've added this code at the end of the "if 'action' in request.GET:" part in the "def search(request):" function, just before "return {'paged_qs': topics}":


        # Remove topics not accessible to the user
        topics = [topic for topic in topics if topic.forum.category.has_access(request.user)]


I'm rather new to Django so I don't know if there's a better way to do that, playing with filtering.

Edited Mokona (Aug. 7, 2010 17:08:12)
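
Added example, not part of the thread and not DjangoBB's code: a stand-alone Python model of the leak described in post #1 and of the per-topic access check, applied before the results reach pagination. The User/Category/Topic classes are stand-ins; the group sets, the rule that a category with no groups is public, and the direct topic.category link (the post goes through topic.forum.category) are assumptions.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str = ""
    groups: frozenset = frozenset()
    is_authenticated: bool = True


@dataclass
class Category:
    name: str
    groups: frozenset = frozenset()  # assumption: empty set = public category

    def has_access(self, user):
        # Stand-in for the has_access() call used in the post.
        if not self.groups:
            return True
        return user.is_authenticated and bool(self.groups & user.groups)


@dataclass
class Topic:
    title: str
    category: Category
    post_count: int = 1


def search_unanswered(topics, user, enforce_access=True):
    """Model of the 'unanswered topics' search, with and without the check."""
    hits = [t for t in topics if t.post_count == 1]
    if enforce_access:
        # Filter before pagination, so neither the rows nor the total
        # count reveal topics that sit in private categories.
        hits = [t for t in hits if t.category.has_access(user)]
    return hits


# Constructed sample data.
PUBLIC = Category("General")
STAFF = Category("Staff only", groups=frozenset({"staff"}))
TOPICS = [
    Topic("Welcome", PUBLIC),
    Topic("Moderation backlog", STAFF),
    Topic("Answered already", PUBLIC, post_count=3),
]
GUEST = User(is_authenticated=False)
ALICE = User("alice", frozenset({"staff"}))
BOB = User("bob", frozenset({"members"}))


def titles(user, enforce_access=True):
    return [t.title for t in search_unanswered(TOPICS, user, enforce_access)]
```

The same three cases (guest, member of another group, member of the category's group) make a useful regression test for every search action, not only the unanswered-topics one.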

#2 Aug. 11, 2010 17:12:54

slav0nic
DjangoBB Developer
From: Ukraine
Registered: 2009-10-25
Posts: 382

This is not a good solution) After migration to Django 1.2 I am planning to use the new permissions.

#3 Aug. 13, 2010 15:46:24

Mokona
Registered: 2010-07-29
Posts: 11

Ok.

Well, I'll stay on this solution until then, since I can't show private forums to everyone.

Edited Mokona (Aug. 13, 2010 15:46:40)
