private groups bulletin visible even by guests

8 years 8 months ago #147218 by sorema
the private groups seem to be not so private.. :(
i've noticed bulletins can be visible event to guest following the link like

www.mywebsite.com/index.php?option=com_groupjive&action=gj.core.bulletin.showfullmessage&idm=***&groupid=***

the bulletin is perfectly visible even if you are not a member of that private group.
i need to solve this bug.. please help..
there's a way to add a control in showfullmessage file to check if user is member of the group or not?
thank you
8 years 8 months ago #147264 by krileon
You can try editing the core, but GJ 1.8.x is end-of-life. All development is focused on the release of GJ 2.0. The following edit will add a user check to the bulletins view.

IN: components/com_groupjive/gj/core/bulletin.php
ON: Line 296
FROM:
[code:1]
$_GJ_TEMPLATES->addContent( $tmpl->getParsedTemplate( 'bulletin' ), 'center' );
[/code:1]
TO:
[code:1]
if ( checkuseractive( $gid, $_CB_framework->myId() ) || ismoder( $gid, $_CB_framework->myId() ) ) {
$_GJ_TEMPLATES->addContent( $tmpl->getParsedTemplate( 'bulletin' ), 'center' );
}

[/code:1]


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
8 years 8 months ago #147271 by sorema
i dont'have those lines in my core/bulletin.php file
on line 296 i have the end of a query:

[code:1]

$query = 'SELECT a.*'
. ', DATE_FORMAT( ' . $_CB_database->NameQuote( 'date_bul' ) . ', ' . $_CB_database->Quote( $gjConfig ) . ' ) AS date_bul'
. ', ' . $name . ' AS author_name'
. "\n FROM " . $_CB_database->NameQuote( '#__gj_bul' ) . " AS a"
. "\n INNER JOIN " . $_CB_database->NameQuote( '#__gj_groups' ) . " AS b"
. ' ON a.' . $_CB_database->NameQuote( 'group_id' ) . ' = b.' . $_CB_database->NameQuote( 'id' )
. "\n INNER JOIN " . $_CB_database->NameQuote( '#__gj_grcategory' ) . " AS c"
. ' ON b.' . $_CB_database->NameQuote( 'category' ) . ' = c.' . $_CB_database->NameQuote( 'id' )
. "\n INNER JOIN " . $_CB_database->NameQuote( '#__users' ) . " AS d"
. ' ON a.' . $_CB_database->NameQuote( 'author_id' ) . ' = d.' . $_CB_database->NameQuote( 'id' )
. "\n WHERE a." . $_CB_database->NameQuote( 'group_id' ) . " = " . (int) $gid
. "\n AND c." . $_CB_database->NameQuote( 'access' ) . " <= " . (int) $_CB_framework->myCmsGid()
. "\n AND c." . $_CB_database->NameQuote( 'published' ) . " = 1"
. "\n ORDER BY a." . $_CB_database->NameQuote( 'id' ) . " DESC"
. "\n LIMIT " . (int) $gjConfig;
[/code:1]

i found a little bit above, this part..maybe the check should be done here?
[code:1]

if ( ! ismoder( (int) $bul->group_id, $myId ) && ! $admin && ( $myId != (int) $bul->author_id )) {
HTML_wg::errorpage( GJ_NOT_MODER, null, (int) $bul->group_id, 'error' );
return;
}
[/code:1]

thanks for the answer i'll look forward for next releae of gj2.0 if it's possible, meanwhile, to solve this problem for my large community.. they love to use gj and were not very happy with me, for this bug..
:blush:
thank you again!!
8 years 8 months ago #147325 by krileon
The lines may not match up 100%, but you should place the check at the same code. Altering other lines could have other adverse affects.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Templates - CBSubs - Hosting - Forge - Incubator - GroupJive
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM EST to 4:00 PM EST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
8 years 8 months ago #147334 by sorema
no..there are NOT in that file such lines.. here's my code, nothing matches with the code you wrote..
i'm using gj 1.8.1 no such lines in bulletin.php

:(
8 years 8 months ago #147343 by sorema
found it in groupjive.html.php file :)
i'll do test and see if it's working.
Moderators: beatnantkrileon
Time to create page: 0.387 seconds
Facebook Twitter Google LinkedIn