Page access control not listed in "view allowed actions"

Reply·Subscribe
Dezzy
DezzyAdvanced
93 posts
0
 

Dolphin 7.0.7 Beta.

If a page is blocked, then it should be listed in the list of what is not allowed for that membership level.  You might not have to list all the blocked pages, but at least indicate that there are some restricted pages in the list of allowed actions.

 

Also...I tried to block the capability of a member to read a message where the page is mail.php?mode=view_message.  However, I was not successful.  I tested it on http://www.demozzz.com/dolphin707b/.  This is what I did:

- Logged in as "admin" in the administration section. 

- Entered "mail.php?mode=view_message" to be page blocked for all membership levels (non-member, standard, and promotion)

- Sent user "Dezzy" a test message. Logged off.

- Logged in as "Dezzy" who has a promotion membership level

- Went to read my message from "admin" and I was able to do so with no restrictions.

So although I was not successful at blocking the page, I think that all messages from an admin should be readable by the user even if the view_message page block is enabled for other members.  So if this is expected or intentional, then OK.  If this was not intentional, then there is something wrong with the page block feature.

 

Thanks

Quote · 22 Jul 2011
AntonL
AntonLMasterGunner
150 posts
0
 

Hello Deezy,

If a page is blocked, then it should be listed in the list of what is not allowed for that membership level.  You might not have to list all the blocked pages, but at least indicate that there are some restricted pages in the list of allowed actions.

Ok, we'll consider that as an enhancement.

 

We have found the problem with mail.php?mode=view_message (it was happening only on servers where magic_quotes_gpc is set to On). Thanks for finding it. In the release it'll be fixed.

BTW I've fixed the rule on demozzz.com, so it should work fine (rule itself, but not the rule add form; if you wish to add another rule then prepend all . and ? with a backslash \).

 

As to this:

I think that all messages from an admin should be readable by the user even if the view_message page block is enabled for other members.

That sounds reasonable, but when you're using Page Access Control to protect some URL/Page there is no way to distinguish what the page is being restricted. I mean from the point of view of Page Access Control all the pages are the same - some URL. I.e. PAC doesn't "knows" anything about what kind of pages there are in Dolphin. It protects just an URL string.

Quote · 25 Jul 2011
prolaznik
prolaznikAdvanced
2200 posts
1
 

The page access mods is one of the best mods.  I like it just the way it is. PERFECT

Quote · 25 Jul 2011
AntonL
AntonLMasterGunner
150 posts
0
 

Some minor issue was found. So, we created a ticket.

You may track it here http://www.boonex.com/trac/dolphin/ticket/2594.

Quote · 25 Jul 2011
Dezzy
DezzyAdvanced
93 posts
0
 

 

As to this:

That sounds reasonable, but when you're using Page Access Control to protect some URL/Page there is no way to distinguish what the page is being restricted. I mean from the point of view of Page Access Control all the pages are the same - some URL. I.e. PAC doesn't "knows" anything about what kind of pages there are in Dolphin. It protects just an URL string.

 

I understand your point.  However, the page block only occurs after one clicks on the message within the indox.  So if the code checked who the sender of the message was (check to see if it is an admin/moderator) before it executed the page block feature, it would or could allow that message to go through instead of blocking the view_message page.

Quote · 26 Jul 2011
AntonL
AntonLMasterGunner
150 posts
0
 

 

 I understand your point.  However, the page block only occurs after one clicks on the message within the indox.  So if the code checked who the sender of the message was (check to see if it is an admin/moderator) before it executed the page block feature, it would or could allow that message to go through instead of blocking the view_message page.

The problem here is that PAC doesn't knows that protected page is a message view page, it even doesn't knows that there is a sender on that page, thus it is impossible to check who is sender there. It just protects access to a certain URL pattern as soon as that pattern is matched with an actual URL of the page.

Quote · 26 Jul 2011
Reply ›
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Knowledge Base
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd