main icon indicating copy to clipboard operation
main copied to clipboard

Published 20 hours ago verified publisher icon affinityworks

Groups - memberships - events - attendances need access control

Open rabble opened this issue 7 years ago • 2 comments

If a user tries to view a group, memberships, events, or attendances of a group to which they shouldn't be able to manage they should be redirected somewhere else, either to the /root with a flash message if they aren't members, or to the public member version of the page if htey are a member but not an organizer.

rabble avatar Jun 16 '17 16:06 rabble

You only got the controls for group and attendance but didn't do it for events or membership!

rabble avatar Jun 20 '17 00:06 rabble

@rabble Did you tested it? Were you able to access a page you should not?

matinieves avatar Jun 21 '17 16:06 matinieves