dyndata privileges
- From: Dave Taylor <xaraya (at) phatcom.net>
- Date: Mon, 06 Nov 2006 13:12:59 -0500
Tamas Dombos wrote:
> This means that for example if you store your sitecontact responses in
> dynamic data, all users will have access to all the responses submitted
> by others. The same is the case for articles: as soon as an item is
> submitted, all of its hooked fields are available for anyone to view
> (even if the article itself is only submitted and not published) at
> module=dynamicdata&func=view&objectid=<whateverid>
>
> Tamas
> _______________________________________________
> Xaraya_devel mailing list
> Xaraya_devel (at) xaraya.com
> http://xaraya.com/mailman/listinfo/xaraya_devel
>
Thanks for the tip! I wrapped the entire module template in a <xar:if>
Administration privilege check, and put the new file in
/themes/mytheme/modules/dynamicdata/user-view.xt
Again, thanks for the tip as this exposed customer data.
Regards,
Dave