You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I change album permissions for a user group, e.g. make a sub-album private, I can do that via the admin panel -> Users -> Groups -> Manage permissions. The issue is that the album doesn't actually become private. It is still visible to users from that group. However, it will be private to newly registered users that by default belong to that group. So you end up with users belonging to the same user group seeing different things, maybe even albums that you want to be private. This is a bit of a serious security issue.
The workaround is moving the whole album to the 'Forbidden' section and then moving the ones that you want to make public back to the 'Authorized' section. This is not clear at all that this is how it works and now I wonder how many albums in my gallery are public to certain user groups when they should be private....
The text was updated successfully, but these errors were encountered:
Hello
That's concerning.
could you provide a step by step procedure to reproduce with urls of the pages. That's the best way to be sure there is no misunderstanding. Thank you
If I change album permissions for a user group, e.g. make a sub-album private, I can do that via the admin panel -> Users -> Groups -> Manage permissions. The issue is that the album doesn't actually become private. It is still visible to users from that group. However, it will be private to newly registered users that by default belong to that group. So you end up with users belonging to the same user group seeing different things, maybe even albums that you want to be private. This is a bit of a serious security issue.
The workaround is moving the whole album to the 'Forbidden' section and then moving the ones that you want to make public back to the 'Authorized' section. This is not clear at all that this is how it works and now I wonder how many albums in my gallery are public to certain user groups when they should be private....
The text was updated successfully, but these errors were encountered: