Unauthenticated users can see topics in private categories

(Michael Downey) #1

Continuing the discussion from “Sign In” vs. “Log Out”:

To clarify, they can not see the content, just that the topic exists and its title.

For an example, go to Categories - OpenMRS Talk (no log in necessary) and look under the “Meta” category and click some of the topics that appear there.

Subcategories do not inherit permissions from parent category
(cpradio) #2

Are you sure you have the permissions set right? As this doesn’t happen on our install and I can view the topics and their content (not logged in) in your Meta category.

(Michael Downey) #3

Sorry, let me clarify:

In our installation, the Meta category is not restricted in any way. However, there are a few sub-categories, e.g., Leadership, that do have restrictions in place:

Leadership can… Create / Reply / See

staff can… See

However, what you see in the view at Categories - OpenMRS Talk under the Meta parent category, shows several topics that exist under the “restricted” Leadership sub-category. While not signed in, if you click on most of those topics listed to the right, e.g., “Out-of-the-box software”, you’ll get the “You need to log in to see that topic” error message.

(cpradio) #4

Oh, that I definitely see :smile:

Our install doesn’t have this scenario, as we don’t have any public categories that have private sub-categories.

(Neil Lalonde) #5

This is a definitely a problem. I’ll have a look.

(Neil Lalonde) #6

I pushed a fix for it. Please give it a try when you can.

(Michael Downey) #7

Looks good at Categories - OpenMRS Talk - thanks! Although, the numbers calculated in the right-most column, e.g. “N / week”, seem to include the “invisible” topics too.

(Neil Lalonde) #8

Yeah that’s another issue… Will need to think about how to fix that issue. Having private sub-categories of a public category is a use case we haven’t seen before.

(Dave McClure) #9

We haven’t done this but we’ve talked about doing it. There are certainly cases where I can see where it’d make sense.

(Jeff Atwood) #10