From 1e98e341289d8f1816d865caf98c99f00e80e7db Mon Sep 17 00:00:00 2001 From: Colin Kuskie Date: Sun, 6 Sep 2009 19:37:25 -0700 Subject: [PATCH] RE: Profiles, public != visitor. fixes #10907 --- docs/changelog/7.x.x.txt | 1 + lib/WebGUI/User.pm | 1 + t/User.t | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 69094db2f..f555871b0 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -15,6 +15,7 @@ - fixed #10879: Collaboration System Thread lose attachments - fixed #10876: EMS Schedule displaying wrong dates for ticket events - fixed #10915: StoryManager: Carousel clips content + - fixed #10907: profiles viewable by everybody 7.7.19 - fixed #10838: Forwarded forum post email to new CS adds reply to original thread diff --git a/lib/WebGUI/User.pm b/lib/WebGUI/User.pm index 70376889c..0008a94ce 100644 --- a/lib/WebGUI/User.pm +++ b/lib/WebGUI/User.pm @@ -1207,6 +1207,7 @@ sub profileIsViewable { my $userId = $user->userId; return 0 if ($self->isVisitor); #Can't view visitor's profile + return 0 if ($user->isVisitor); #User is not allowed to see anyone's profile, either return 1 if ($self->userId eq $userId); #Users can always view their own profile my $profileSetting = $self->profileField('publicProfile'); diff --git a/t/User.t b/t/User.t index 32c3dad91..1645db993 100644 --- a/t/User.t +++ b/t/User.t @@ -917,7 +917,7 @@ ok(! $neighbor->profileIsViewable($friend), '... visitor permission follows publ ok(! $neighbor->profileIsViewable($admin), '... visitor permission follows publicProfile=none, even admin'); $neighbor->profileField('publicProfile', 'all'); ok( $neighbor->profileIsViewable($friend), '... visitor permission follows publicProfile=all'); -ok( $neighbor->profileIsViewable($visitor), '... visitor permission follows publicProfile=all, even visitor'); +ok(! $neighbor->profileIsViewable($visitor), '... visitor may not see profiles, regardless of privacy setting'); $neighbor->profileField('publicProfile', 'friends'); ok(! $neighbor->profileIsViewable($friend), '... visitor permission follows publicProfile=friend, not a friend'); $friend->addToGroups([$neighbor->friends->getId]);