Group To Post is now not sufficient to view a CS. Fixes bug #11916.

docs/changelog/7.x.x.txt

@@ -13,6 +13,7 @@
  - fixed #11902: forums bug
  - fixed #11912: Corrupt cookie causes server 500 errors
  - fixed #11919: Survey rendering with section text
+ - fixed #11916: Collaboration System security
 
 7.10.2
  - fixed #11884: Editing Templates impossible / Code editor not loaded

docs/gotcha.txt

@@ -7,6 +7,14 @@ upgrading from one version to the next, or even between multiple
 versions. Be sure to heed the warnings contained herein as they will
 save you many hours of grief.
 
+7.10.3
+--------------------------------------------------------------------
+     * In the Collaboration System, previously the Group to Post group
+       was also allowed to view the CS.  This made it difficult to
+       make the CS not viewable to regular users, so the behavior was
+       removed in 7.10.3.  If your site depended on the Group To Post being
+       able to view the CS, then make the it a sub-group of Group To View.
+
 7.10.2
 --------------------------------------------------------------------
      * The URL used by Display Message on Login always returns the user to 

lib/WebGUI/Asset/Wobject/Collaboration.pm

@@ -397,25 +397,6 @@ sub canStartThread {
 }
 
 
-#-------------------------------------------------------------------
-
-=head2 canView ( [ $userId ] )
-
-Extends the base method to also allow users who canPost to the CS.
-
-=head3 $userId
-
-A userId to check for edit permissions. If $userId is false, then it checks
-the current session user.
-
-=cut
-
-sub canView {
-	my $self = shift;
-        my $userId  = shift     || $self->session->user->userId;
-	return $self->next::method( $userId ) || $self->canPost( $userId );
-}
-
 #-------------------------------------------------------------------
 
 =head2 commit