user-specific content is accessible to different users with direct link

  • Resolved e dev

    (@efishinsea)


    2 years, 11 months ago

    If I create user 1 and user 2 and assign pages/files to each of them, the links to those things should only load if I am either user 1 or user 2.

    Right now, I can login as user 2 and paste a page or file link from user 1 and access pages or files that I should not be able to.

    Yes, those things do not show up in my dashboard menu for user 2, but they shouldn’t be directly accessible either. This is a flaw.

    • This topic was modified 2 years, 11 months ago by e dev.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Vincent Mimoun-Prat

    (@vprat)

    Hi

    You are right and on all our servers, what you describe cannot be reproduced.

    You must be having a plugin or a theme which disables our security filters.

    Please check that by disabling all other plugins and/or switching the theme to one of the defaults.

    Once you find the one causing the issue, we can investigate to see why it causes the issue.

    Regards

    Thread Starter e dev

    (@efishinsea)

    I have changed my theme to TwentyTwentyTwo and disabled ALL plugins other than yours to satisfy you, and it all still works the same way, or fails to not load content from user 1 (via direct copied and pasted link) while logged in as user 2.

    I copy a Page or File URL while logged into one browser (Firefox) for user 1:

    /customer-area/pages/my-pages/2022/04/22/test-private-page/

    and then log into a completely different browser (Chrome) as user 2 and can load the content for user 1.

    example:
    https://snipboard.io/MoWF3E.jpg

    Plugin Contributor Foobar Studio

    (@foobarstudio)

    Hi,

    We will cannot reproduce your issue over here.

    You may contact us via email (see plugin website) so that we can have a look at your development website to see what the issue could be (from your screenshot it looks like you have disabled quite a few things from the plugin: skin, and maybe some default hooks too)

    Thread Starter e dev

    (@efishinsea)

    I didn’t disable anything. That is your plugin in twentytwentytwo.

    It’s ok. I moved on to another plugin that works well for me.

    Plugin Contributor Foobar Studio

    (@foobarstudio)

    Ok. Glad you found a work around.

    Still, I cannot understand why your screenshot shows up like that (all the styles from the plugin are missing, that is not how it should look on a fresh setup).

    Have a nice day!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘user-specific content is accessible to different users with direct link’ is closed to new replies.