Fixed Permission problem

teletubbi

Well-known member
I think this might be a bug.
A user just told me about that and I can confirm it with my test users.

I have a category with adult material.
Access only by a usergroup 18+.
This works well.

But if I go over the media in a user's profile page or card and click on his number of media, I can see these pictures in the gallery like all other thumbnails, no matter what usergroup I am in.

Clicking on this thumb gives an error: I don't have permission to see it.

So in my opinion they should also not show up as thumbnails.

This is a real big problem.
I must shut down the gallery for this.
 
I still have access to your forum and the Admin CP.

If I have permission to log in as those users, let me know the names of the users affected and I'll have a look.

I just tried to reproduce something similar locally, but I couldn't.
 
I've just tested this on my site. I created a category that I only made available to a particular user group and added an image to that category. I then logged in as a test user who isn't in that user group. I was unable to see the image in that category in the media tab on the profile page by either way of accessing it as you mentioned.
 
I have an immediate fix for you:

Code:
UPDATE xengallery_media SET media_privacy = 'category' WHERE category_id > 0 AND media_privacy <> 'category'

A bit of background:

The bug actually exists in the importer whereby it imports the images with a privacy level of "public". A long time ago, all categories were public and there were no separate view permissions. More recently we set the privacy level to "category" to signify that the category permissions should take effect.

So, the above query will solve the problem. @teletubbi I have actually run this query for you so you do not need to do it yourself, but if anyone else has imported from PhotoPost or XenMedio, you may need to run the query above, especially if you have any private categories.

If you do not have any private categories, there's no need to worry and this query will execute in the next upgrade along with changes to the importers to import these media items properly.
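An audit-then-fix run of the query above, as an added example that is not part of the original thread or the add-on's own code. It uses an in-memory SQLite table as a constructed stand-in for `xengallery_media`; the `media_id` column and all sample rows are assumptions, and only `category_id` and `media_privacy` come from the post.

```python
import sqlite3

# The fix query from the post, unchanged.
FIX_SQL = ("UPDATE xengallery_media SET media_privacy = 'category' "
           "WHERE category_id > 0 AND media_privacy <> 'category'")
# Same WHERE clause as the fix, used to list what it will touch before it runs.
AUDIT_SQL = ("SELECT category_id, media_privacy, COUNT(*) FROM xengallery_media "
             "WHERE category_id > 0 AND media_privacy <> 'category' "
             "GROUP BY category_id, media_privacy ORDER BY category_id")


def build_sample_db():
    """Constructed stand-in table: the two columns named in the post plus an id."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE xengallery_media ("
               "media_id INTEGER PRIMARY KEY, category_id INTEGER, media_privacy TEXT)")
    rows = [
        (1, 5, "public"),    # imported into a restricted category (5)
        (2, 5, "public"),
        (3, 5, "category"),  # already honours category permissions
        (4, 2, "public"),    # imported into an open category
        (5, 0, "public"),    # category_id 0: outside the fix's WHERE clause
    ]
    db.executemany("INSERT INTO xengallery_media VALUES (?, ?, ?)", rows)
    db.commit()
    return db


def audit(db):
    """Rows per (category_id, media_privacy) that bypass category permissions."""
    return db.execute(AUDIT_SQL).fetchall()


def apply_fix(db):
    """Run the fix in one transaction; roll back unless it matches the audit."""
    expected = sum(count for _, _, count in audit(db))
    with db:  # commits on success, rolls back if an exception is raised
        changed = db.execute(FIX_SQL).rowcount
        if changed != expected or audit(db):
            raise RuntimeError("fix did not match the audit; rolled back")
    return changed
```

An empty result from `audit()` after the update is the check that no categorised media is still stored with a non-category privacy level.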
 
Could this error message be related to this issue?

Fehlerinformation
ErrorException: Fatal Error: syntax error, unexpected '{' - library/XenGallery/ControllerPublic/User.php:158
Generiert durch: Unbekanntes Benutzerkonto, Freitag um 13:21 Uhr
Stapelverfolgung
#0 [internal function]: XenForo_Application::handleFatalError()
#1 {main}
Benötigter Status
array(3) {
["url"] => string(57) "http://www.xxxxxxx.net/forums/media/users/42na.3501/"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}

If I open the link inside the message everything seems to be ok.
Just want to know if I can ignore and delete this message.
 