Access restrictions lost?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Access restrictions lost?

Graham Perrin
Two spam messages in a normally spam-free area caused me to review access privileges in the following areas:

<http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=3138168> (parent)
<http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=1653096> (child)
<http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=1653123> (grand-child)
<http://n2.nabble.com/catalog/WhoCanViewAndPost.jtp?app=1658350> (grand-child)

The last two are unrestricted, which I find extremely surprising. Possibly PEBKAM but I very much doubt that I made the chandler-dev forum, where the spam was found, a free-for-all.

Nabble, please, can you triple-check that the recent change to the UI (and the back-end) relating to access privileges is not breaking access restrictions in some cases?

Not only spam; privacy (of private forums) is a greater concern.

Thanks
Graham

Postscript: I have changed the restriction, to members only, on all three of 1653096, 1653123 and 1658350.

Screen shots prior to the change:








Reply | Threaded
Open this post in threaded view
|

Re: Access restrictions lost?

Graham Perrin
… and 1653096 (the child) was not quite as I expected.

FWIW that child features in HTTP ERROR: 500 Caused by: fschmidt.util.servlet.JtpContextServlet$JtpRuntimeException:

FWIW 3138168 (the parent) features in:

 • People at forum 3138168 lists me twice

 • All posts via Nabble forum 1653123 failing for over three days

— and the latter reminds me that the parent | child | grand-child arrangement for these OSAF forums changed significantly around the time that <http://n2.nabble.com/IETF-f3136371.html> and its children were created/arranged.
Reply | Threaded
Open this post in threaded view
|

Re: Access restrictions lost?

Graham Perrin
In reply to this post by Graham Perrin
Graham Perrin wrote
Nabble, please, can you triple-check that the recent change to the UI (and the back-end) relating to access privileges is not breaking access restrictions in some cases?
Another area that looks horribly wrong, four of four children are free-for-all and I'm 99.9% certain that I wouldn't have configured them in that way:









Reply | Threaded
Open this post in threaded view
|

possible misunderstanding

Graham Perrin
In reply to this post by Graham Perrin
Graham Perrin wrote
Two spam messages in a normally spam-free area
On closer inspection, the poster of the spam was a member with previously good posts. Suspect that the poster's account has been misused or abused.

Still, the new UI is a source of confusion …
Reply | Threaded
Open this post in threaded view
|

Re: Access restrictions lost?

Hugo <Nabble>
In reply to this post by Graham Perrin
This is a misunderstanding. Even if you see [Everyone, Everyone, Everyone] selected, the bottom block says "Use my settings, AND parent settings". So if the parent forum is private, then child forum will also be private. You break the restriction if you select "Use my settings, OR parent settings" or "Use my settings only". So you don't have to redefine everything again. Just make sure you have the "AND" option selected.