(bug): users which have been removed from a group can still post if they don't refresh
Summary
Users which have been removed from a group can still post if they don't refresh.
Steps to reproduce
- Create a group with your primary account.
- Have your secondary account join the group.
- Have your primary account remove your secondary account from the group.
- Without refreshing, have your secondary account create a post in the group.
Platform information
Chrome/Win10
What is the current bug behavior?
Users which have been removed from a group can still post if they don't refresh.
What is the expected correct behavior?
Users which have been removed from a group but haven't refreshed yet should get an error message if they try to post, comment or vote on a post in the group.
Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's very hard to read otherwise.)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
added 1 - High P - Groups T - Bug labels
assigned to @benhayward.ben
changed weight to 5
unassigned @benhayward.ben
DeveloperI think that this can be fixed in the function interact, at ln:194 of engine/Core/Security/ACL.php. Need to add a check that the user is not banned from posting.
Edited by Ben Haywardassigned to @benhayward.ben
changed milestone to %sprint: QA
added S - Backlog label
changed milestone to %sprint: Remind
changed milestone to %sprint: Subscribers
added S - InProgress label and removed S - Backlog label
added S - Review label and removed S - InProgress label
mentioned in merge request !161 (closed)
Owner@benhayward.ben can you replicate this issue on production?
- Developer
@markeharding No I cannot now, but could at the time. closing this and the above MR.
closed