
Bug in user permissions new conversations

steam www.planamigo.org - #1 foro planes amigo
edited September 2016 in Vanilla 2.0 - 2.8

Hi,

I have an Unconfirmed user role. Users must confirm their emails before becoming full members.
On the admin Dashboard this role doesn't have Conversations checked.

An Unconfirmed user can see the "Message" button on other members' profiles, and clicking it gives page not found.

I think the user shouldn't see this button, just as they don't see the add discussion button.

Is there an event, something like MessagesController Before Add Handler, to control showing the form to an Unconfirmed user?

Comments

  • River MVP
    edited September 2016

    @steam said:
    Hi,

    I have an Unconfirmed user role. Users must confirm their emails before becoming full members.
    On the admin Dashboard this role doesn't have Conversations checked.

    An Unconfirmed user can see the "Message" button on other members' profiles, and clicking it gives page not found.

    I think the user shouldn't see this button, just as they don't see the add discussion button.

    It has been fixed in master regarding the display of the button:

    https://github.com/vanilla/vanilla/blob/master/applications/conversations/settings/class.hooks.php#L102

    was:
    if (!$Sender->EditMode && Gdn::session()->isValid() && Gdn::session()->UserID != $Sender->User->UserID) {

    should be:

    if (!$Sender->EditMode &&
        Gdn::session()->UserID != $Sender->User->UserID &&
        Gdn::session()->checkPermission('Conversations.Add')
    ) {
    

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
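
The two conditions quoted in the reply above, compared across viewer types, as an added example that is not part of the original thread or of Vanilla's code. `StubSession` is a hypothetical stand-in for the session object, and the user IDs and permission sets are constructed sample values.

```php
<?php
// Stand-in for the session object; NOT Vanilla's own session class.
final class StubSession
{
    public function __construct(
        public int $UserID,               // 0 = guest (constructed convention)
        private array $permissions = []   // permission names granted by the role
    ) {}

    public function isValid(): bool
    {
        return $this->UserID > 0;
    }

    public function checkPermission(string $name): bool
    {
        return in_array($name, $this->permissions, true);
    }
}

// Condition quoted as "was:" in the reply: any signed-in user qualifies.
function showButtonOld(StubSession $s, int $profileUserID, bool $editMode): bool
{
    return !$editMode && $s->isValid() && $s->UserID != $profileUserID;
}

// Condition quoted as "should be:" in the reply: the role must hold the permission.
function showButtonNew(StubSession $s, int $profileUserID, bool $editMode): bool
{
    return !$editMode
        && $s->UserID != $profileUserID
        && $s->checkPermission('Conversations.Add');
}

// Constructed sample viewers, all looking at the profile of user 7.
$viewers = [
    'guest'       => new StubSession(0),
    'unconfirmed' => new StubSession(5, []),
    'member'      => new StubSession(6, ['Conversations.Add']),
    'own profile' => new StubSession(7, ['Conversations.Add']),
];

foreach ($viewers as $label => $s) {
    printf("%-12s old=%-5s new=%s\n", $label,
        var_export(showButtonOld($s, 7, false), true),
        var_export(showButtonNew($s, 7, false), true));
}
```

The two conditions disagree only for the unconfirmed viewer, the case in which the button was displayed but led to page not found.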
