MyBB Community Forums

Full Version: Question about Can view forum? & Can view threads within forum?
It seems that some threads/posts info (threads no., posts no., last post) will leak when forum permissions "Can view forum?" & "Can view threads within forum?" are set to No and Yes respectively.

Note: "Hide Private Forums?" is set to No.

For a user in only one usergroup, setting this usergroup's permissions for a specific forum as follows:

"Can view forum?" - Yes
"Can view threads within forum?" - Yes

... the result is that the user:
  • can see all the forum's info listed in index/forumdisplay (threads no., posts no., last post)
  • can enter the forum
  • can access/read threads in the forum

With both set to No, the result is three can'ts.



"Can view forum?" - yes
"Can view threads within forum?" - no

... the result is that the user:
  • can't see any of the forum's info listed in index/forumdisplay (no threads no., no posts no., and no last post)
  • can enter the forum
  • can't see the thread list (Sorry, but you do not have permission to view threads in this forum.)
  • can't access/read threads in the forum (You do not have permission to access this page. This could be because of one of the following reasons:)



"Can view forum?" - no
"Can view threads within forum?" - Yes

... the result is that the user:
  • can see all the forum's info listed in index/forumdisplay (threads no., posts no., last post)
  • can't enter the forum (You do not have permission to access this page. This could be because of one of the following reasons:)
  • can't access/read threads in the forum (You do not have permission to access this page. This could be because of one of the following reasons:)

(2020-06-28, 03:23 PM)noyle Wrote:
"Can view forum?" - no
"Can view threads within forum?" - Yes

... the result is that the user:
  • can see all the forum's info listed in index/forumdisplay (threads no., posts no., last post)
  • can't enter the forum (You do not have permission to access this page. This could be because of one of the following reasons:)
  • can't access/read threads in the forum (You do not have permission to access this page. This could be because of one of the following reasons:)

I don't get that behaviour. When Can view forum? is set to no, the forum is not on the index, cannot be visited by the user and the user cannot see any threads. As I would expect.

I think it would be harmful to change this behaviour to allow access to threads in unviewable forums, as some boards may have permissions set up with Can view forum? No, Can view threads within forum? Yes and so expect that the user cannot access anything within the forum, because when using the interactive permission blocks and dragging View to disallowed actions, only Can view forum? is set to No.

Ahh, I've just noticed a crucial detail!

(2020-06-28, 03:23 PM)noyle Wrote:
Note: "Hide Private Forums?" is set to No.

I can confirm the problem. I misunderstood in the previous post.

Hi,

Thank you for your report. We have pushed this issue to our GitHub repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on GitHub: https://github.com/mybb/mybb/issues/4097

Thanks for contributing to MyBB!

Regards,
The MyBB Group