Mahara

Publicaly viewable group with submissions

Bug #1745278 reported by Ghada El-Zoghbi on 2018-01-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Medium	Ghada El-Zoghbi	Mahara 18.04.0

Bug Description

Mahara: 17.10.2 (2017092611)
OS: Linux 16.04 (php 7)
DB: Postgres
Browser: FF && Chrome (any)

When a group is created with the following settings:

* Allow submissions = Yes
* Publicly viewable group = Yes

When a user who is not logged in tries to view this group (i.e. because they know the URL), they get the following error:

[WAR] 75 (lib/user.php:1943) Undefined variable: id

Call stack (most recent first):
log_message("Undefined variable: id", 8, true, true, "/var/www/clients/mahara/htdocs/lib/user.php", 1943) at /var/www/clients/mahara/htdocs/lib/errors.php:521
error(8, "Undefined variable: id", "/var/www/clients/mahara/htdocs/lib/user.php", 1943, array(size 4)) at /var/www/clients/mahara/htdocs/lib/user.php:1943
profile_url(false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6164
View->get_url(false) at /var/www/clients/mahara/htdocs/lib/view.php:5571
View::get_extra_view_info(array(size 1), false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6388
View::get_views_and_collections(0) at /var/www/clients/mahara/htdocs/lib/group.php:1496
group_view_submission_form("50") at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:424
PluginBlocktypeGroupViews::get_data("50", false) at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:104
PluginBlocktypeGroupViews::render_instance(object(BlockInstance)) at /var/www/clients/mahara/htdocs/lib/mahara.php:1789
call_static_method("PluginBlocktypeGroupviews", "render_instance", object(BlockInstance)) at /var/www/clients/mahara/htdocs/blocktype/lib.php:1041
BlockInstance->render_viewing(false) at /var/www/clients/mahara/htdocs/lib/view.php:2159
View->build_column(1, 1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2113
View->build_columns(1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2098
View->build_rows() at /var/www/clients/mahara/htdocs/group/view.php:68

[WAR] 75 (lib/user.php:1947) profile_url called with no user id
Call stack (most recent first):
profile_url(false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6164
View->get_url(false) at /var/www/clients/mahara/htdocs/lib/view.php:5571
View::get_extra_view_info(array(size 1), false, false) at /var/www/clients/mahara/htdocs/lib/view.php:6388
View::get_views_and_collections(0) at /var/www/clients/mahara/htdocs/lib/group.php:1496
group_view_submission_form("50") at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:424
PluginBlocktypeGroupViews::get_data("50", false) at /var/www/clients/mahara/htdocs/blocktype/groupviews/lib.php:104
PluginBlocktypeGroupViews::render_instance(object(BlockInstance)) at /var/www/clients/mahara/htdocs/lib/mahara.php:1789
call_static_method("PluginBlocktypeGroupviews", "render_instance", object(BlockInstance)) at /var/www/clients/mahara/htdocs/blocktype/lib.php:1041
BlockInstance->render_viewing(false) at /var/www/clients/mahara/htdocs/lib/view.php:2159
View->build_column(1, 1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2113
View->build_columns(1, false, false) at /var/www/clients/mahara/htdocs/lib/view.php:2098
View->build_rows() at /var/www/clients/mahara/htdocs/group/view.php:68

Because the group is submittable, the application is trying to retrieve a list of submitted pages/collections to this group.

A check is required to ensure the user is logged in before it retrieves this data.

Ghada El-Zoghbi (ghada-z) on 2018-01-25

Changed in mahara:
assignee:	nobody → Ghada El-Zoghbi (ghada-z)

Kristina Hoeppner (kris-hoeppner) on 2018-02-09

Changed in mahara:
status:	New → Confirmed
importance:	Undecided → Medium

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-06: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8578

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2018-03-07:

It should also be checked that there is no error message when a user tries to view the group homepage when she's neither the admin / tutor of the group nor submitted a portfolio to it as she shouldn't see anything then either.

Changed in mahara:
status:	Confirmed → In Progress
milestone:	none → 18.04.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-08: A change has been merged

Reviewed: https://reviews.mahara.org/8578
Committed: https://git.mahara.org/mahara/mahara/commit/65f6e575b43023461772ec344b71a2efe67840ee
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 65f6e575b43023461772ec344b71a2efe67840ee
Author: Ghada El-Zoghbi <email address hidden>
Date: Thu Jan 25 14:15:15 2018 +1100

Bug 1745278: check user is logged in for publicly viewable groups

When a group is public and allows submissions, we need to check
that the user is logged in before retrieving the list of
sumibtted pages/collections to the group.

Sponsored by The Australian National University
behatnotneeded

Change-Id: Id8aeffea12aa36f27122069f9372fcb7b9ed95c5

Robert Lyon (robertl-9) on 2018-03-08

Changed in mahara:
status:	In Progress → Fix Committed

Robert Lyon (robertl-9) on 2018-04-05

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.