Comments & userinfo

Posted: Wed Feb 22, 2006 2:36 pm

I´m using comments in news. If someone click and checks userinfo in a comment he is able to see the group membership with expiration date of this user. That´s a problem because of data security. How do I change this ?

Posted: Wed Feb 22, 2006 4:19 pm

I am not sure I understand the question Susann.
How does showing a users group membership expiry date affect the security of the comment(?) data ?

Posted: Wed Feb 22, 2006 5:12 pm

Guardian

No, that the security of the comment but the personal data of course I meant only the memberships. Hard to explain.

that´s the first time I´m using groups. All groups are set to private. I´m not sure if the comments are really working like the should but another webmaster I asked had also problems with the comments in news.However, I don´t like to show the VIP´s and generally the group memberships on the site to everyone through comments. So the simple solution is no activation of comments. But I´ ll think about this problem again.

Posted: Wed Feb 22, 2006 5:44 pm

So, you are asying that you would prefer the site users to not know who is in each group and the comments allows you to see it.
I think I understand now.

So what is really needed is a permission check based on groups to the comments function so only the group who the poster belongs too can see it.

Nice idea.

Posted: Wed Feb 22, 2006 5:57 pm

That´s your interpretation indeed a nice idea. Smile

registered · Posted: Wed Feb 22, 2006 6:12 pm

Yeah, I see what you mean. That really doesn't make sense to show it to everyone. It was added as a part of the Your Account module index.php change for NSN Groups. We may need to modify that to check to make sure only YOU can see YOUR NSN Groups (which I think is what this was intended for to begin with).

Posted: Wed Feb 22, 2006 6:18 pm

Guardian and Susann, I have opened a bug report on this one and tied it to "Module - Groups".

Posted: Wed Feb 22, 2006 8:54 pm

Susann, until we can get a bug release out, I suggest you replace your RavenNuke76 2.02.00 version of modules/Your_Account/index.php script with that from Chatserv's 3.1 patchset. All you are losing is the display of these groups. Once we have a bug fix, you can simply replace it back with the fixed one.

Trust me.... Smile

Posted: Thu Feb 23, 2006 8:17 am

Don´t know why I only concentrate on the comments function. I replaced the index.php. Works fine. Smile

Posted: Thu Feb 23, 2006 8:23 am

We'll get this fixed in the 2.02.02 patch release.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

This is from the README for NSN Groups. Does this pertain to this matter?

Code:




If you want admin status to over-ride groups status open includes/nsngr_func.php and find:


    /*if (is_admin($admin)) {


        return 1;


    } else*/if (is_user($user)) {





this appears in two functions, in_group() and in_groups(), then change it to:


    if (is_admin($admin)) {


        return 1;


    } elseif (is_user($user)) {

Posted: Fri Feb 24, 2006 5:54 am

I don't think so. If I remember correctly, that is to ensure that the Admin will always see the blocks, messages and modules that are tied to "Groups" even if he/she is not specifically tied to a group.

Posted: Fri Feb 24, 2006 8:12 pm

I couldn´t find out any difference in userinfo.

Posted: Thu Mar 09, 2006 8:32 am

This has been fixed in CVS for 2.02.02.

Posted: Thu Mar 09, 2006 8:54 am

Great !