Page access control not listed in "view allowed actions"

Dolphin 7.0.7 Beta.

If a page is blocked, then it should be listed in the list of what is not allowed for that membership level.  You might not have to list all the blocked pages, but at least indicate that there are some restricted pages in the list of allowed actions.

 

Also...I tried to block the capability of a member to read a message where the page is mail.php?mode=view_message.  However, I was not successful.  I tested it on http://www.demozzz.com/dolphin707b/.  This is what I did:

- Logged in as "admin" in the administration section. 

- Entered "mail.php?mode=view_message" to be page blocked for all membership levels (non-member, standard, and promotion)

- Sent user "Dezzy" a test message. Logged off.

- Logged in as "Dezzy" who has a promotion membership level

- Went to read my message from "admin" and I was able to do so with no restrictions.

So although I was not successful at blocking the page, I think that all messages from an admin should be readable by the user even if the view_message page block is enabled for other members.  So if this is expected or intentional, then OK.  If this was not intentional, then there is something wrong with the page block feature.

 

Thanks

Quote · 22 Jul 2011

Hello Deezy,

If a page is blocked, then it should be listed in the list of what is not allowed for that membership level.  You might not have to list all the blocked pages, but at least indicate that there are some restricted pages in the list of allowed actions.

Ok, we'll consider that as an enhancement.

 

We have found the problem with mail.php?mode=view_message (it was happening only on servers where magic_quotes_gpc is set to On). Thanks for finding it. In the release it'll be fixed.

BTW I've fixed the rule on demozzz.com, so it should work fine (rule itself, but not the rule add form; if you wish to add another rule then prepend all . and ? with a backslash \).

 

As to this:

I think that all messages from an admin should be readable by the user even if the view_message page block is enabled for other members.

That sounds reasonable, but when you're using Page Access Control to protect some URL/Page there is no way to distinguish what the page is being restricted. I mean from the point of view of Page Access Control all the pages are the same - some URL. I.e. PAC doesn't "knows" anything about what kind of pages there are in Dolphin. It protects just an URL string.

Quote · 25 Jul 2011

The page access mods is one of the best mods.  I like it just the way it is. PERFECT

Quote · 25 Jul 2011

Some minor issue was found. So, we created a ticket.

You may track it here http://www.boonex.com/trac/dolphin/ticket/2594.

Quote · 25 Jul 2011

 

As to this:

That sounds reasonable, but when you're using Page Access Control to protect some URL/Page there is no way to distinguish what the page is being restricted. I mean from the point of view of Page Access Control all the pages are the same - some URL. I.e. PAC doesn't "knows" anything about what kind of pages there are in Dolphin. It protects just an URL string.

 

I understand your point.  However, the page block only occurs after one clicks on the message within the indox.  So if the code checked who the sender of the message was (check to see if it is an admin/moderator) before it executed the page block feature, it would or could allow that message to go through instead of blocking the view_message page.

Quote · 26 Jul 2011

 

 I understand your point.  However, the page block only occurs after one clicks on the message within the indox.  So if the code checked who the sender of the message was (check to see if it is an admin/moderator) before it executed the page block feature, it would or could allow that message to go through instead of blocking the view_message page.

The problem here is that PAC doesn't knows that protected page is a message view page, it even doesn't knows that there is a sender on that page, thus it is impossible to check who is sender there. It just protects access to a certain URL pattern as soon as that pattern is matched with an actual URL of the page.

Quote · 26 Jul 2011
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.