Securing automatic alerts
Until now, YACS has handled automatic alerts and section access rules separately.
On some occasions, this simplicity means that unauthorized persons may receive alert messages about content they have no access to.
The following example illustrates the issue:
- a section A is created, with public access granted to the community, and Alice puts it on her watch list
- a private section B is created below A, with access granted only to Bob
When Bob posts a new article in section B, Alice receives a notification about it, even if she is not allowed to access the page afterwards.
With the new version, YACS checks access rights to items before sending notifications. In the example above, only editors of section B would be considered, and Alice would no longer receive a notification.
This enhancement will be integrated in the final 8.1 version, due at the end of January.
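The scenario above can be modelled as a recipient filter. This is an added example, not YACS code: the `Section` class, the function names, the rule that a private section is readable only by its editors, and the extra user `carol` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Section:
    name: str
    parent: Optional["Section"] = None
    private: bool = False
    editors: set = field(default_factory=set)    # users granted access when private
    watchers: set = field(default_factory=set)   # users with this section on their watch list


def chain(section):
    """Yield the section, then each ancestor up to the root."""
    while section is not None:
        yield section
        section = section.parent


def watchers_in_scope(section):
    """Everyone watching the section or any section above it."""
    found = set()
    for s in chain(section):
        found |= s.watchers
    return found


def can_access(user, section):
    """Assumed rule: a private section is readable only by its editors."""
    return not section.private or user in section.editors


def recipients_before(section, poster):
    # Old behaviour: watch lists alone decide who is alerted.
    return watchers_in_scope(section) - {poster}


def recipients_after(section, poster):
    # New behaviour: drop any watcher who could not open the item.
    candidates = watchers_in_scope(section) - {poster}
    return {u for u in candidates if can_access(u, section)}


def demo():
    # Constructed data: A is public and watched by alice; B is private below A.
    a = Section("A", watchers={"alice"})
    b = Section("B", parent=a, private=True,
                editors={"bob", "carol"}, watchers={"carol"})
    return recipients_before(b, "bob"), recipients_after(b, "bob")
```

With this data, the old logic alerts both alice and carol when bob posts in B, while the filtered logic alerts carol only.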
Posted by Bernard on Jan. 27, (popular)