Miss_B Posted February 1, 2021 Share Posted February 1, 2021 OptimusBain 1 Link to comment Share on other sites More sharing options...
Unlucky Posted February 8, 2021 Share Posted February 8, 2021 Is there any way of including unique guest views? Link to comment Share on other sites More sharing options...
Miss_B Posted February 8, 2021 Author Share Posted February 8, 2021 58 minutes ago, Unlucky said: Is there any way of including unique guest views? Not in the current version. Link to comment Share on other sites More sharing options...
Robert Angle Posted March 9, 2021 Share Posted March 9, 2021 Security Issue! I have 2 groups that are part of my staff, the Moderators and the Administrators. Both these groups have permission to see who read topics and to see the corresponding tab on a users profile. However, the list of viewed topics on an persons profile isn't filtered by who can view a certain forum. For example, I have a private forum for Administrators that Moderators cannot see, read, or even see the topic listing. Most of them don't even know it exists. However, when a moderator looks at the "Recently Viewed" tab on an Administrators profile, they can see the titles of topics recently visited that are in the Admin-ONLY forum. Now, of course, they don't have permission to read the topic, but they now know the private admin only forum exists and can see the topic title. This could be particularly embarrassing if we had a thread titled "Moderator Ed and Moderator Suzy are crazy and should be fired". The normal function of Invision software is to only display links to topics that a person has permission to read. When you visit a profile and see a list of someone's activity, what they reacted to or what they replied to, you are only seeing reactions and replies to what you yourself can read. Your application does not filter in the same way that the Invision Power Suite does by default. This is a major problem, imo. My fix for now is to exempt Administrators from having their viewed topics logged. But if a moderator notices that admins don't have anything listed in their Recently Viewed tab on their profile page, it might look like we're hiding something and sow some discord among the staff. I hope I explained this clear enough. When a group who has permission to see the tab on profiles looks at that tab, they should only see the topic titles of topics from forums they can access, just like the default behaviour of Invision software. Link to comment Share on other sites More sharing options...
Miss_B Posted March 9, 2021 Author Share Posted March 9, 2021 (edited) 6 hours ago, Robert Angle said: Security Issue! I have 2 groups that are part of my staff, the Moderators and the Administrators. Both these groups have permission to see who read topics and to see the corresponding tab on a users profile. However, the list of viewed topics on an persons profile isn't filtered by who can view a certain forum. For example, I have a private forum for Administrators that Moderators cannot see, read, or even see the topic listing. Most of them don't even know it exists. However, when a moderator looks at the "Recently Viewed" tab on an Administrators profile, they can see the titles of topics recently visited that are in the Admin-ONLY forum. Now, of course, they don't have permission to read the topic, but they now know the private admin only forum exists and can see the topic title. This could be particularly embarrassing if we had a thread titled "Moderator Ed and Moderator Suzy are crazy and should be fired". The normal function of Invision software is to only display links to topics that a person has permission to read. When you visit a profile and see a list of someone's activity, what they reacted to or what they replied to, you are only seeing reactions and replies to what you yourself can read. Your application does not filter in the same way that the Invision Power Suite does by default. This is a major problem, imo. My fix for now is to exempt Administrators from having their viewed topics logged. But if a moderator notices that admins don't have anything listed in their Recently Viewed tab on their profile page, it might look like we're hiding something and sow some discord among the staff. I hope I explained this clear enough. When a group who has permission to see the tab on profiles looks at that tab, they should only see the topic titles of topics from forums they can access, just like the default behaviour of Invision software. Yes, you explained it very clear. I was able to reporduce it as well. I have fixed said issue and I have uploaded a new version that contains the fix. I sent it to you in private as well so you can upgrade it a.s.a.p. Thank you for reporting it. Kind regards Edited March 9, 2021 by Miss_B Link to comment Share on other sites More sharing options...
Robert Angle Posted March 12, 2021 Share Posted March 12, 2021 Thank you. The patch seems to be working. It replaces the topic titles/links they don't have permission to view with the words "content deleted". It would be nicer if it just skipped it altogether, but this is definitely better than it was. Miss_B 1 Link to comment Share on other sites More sharing options...
Adrienne Posted July 21, 2022 Share Posted July 21, 2022 When will the update for 4.7 come out? Link to comment Share on other sites More sharing options...
Robert Angle Posted July 21, 2022 Share Posted July 21, 2022 13 hours ago, Adrienne said: When will the update for 4.7 come out? I just wanted to say that the current version still works fine with 4.7 Miss_B 1 Link to comment Share on other sites More sharing options...
Adrienne Posted July 23, 2022 Share Posted July 23, 2022 On 7/21/2022 at 8:52 AM, Robert Angle said: I just wanted to say that the current version still works fine with 4.7 I can't install it with 4.7. Link to comment Share on other sites More sharing options...
Miss_B Posted July 23, 2022 Author Share Posted July 23, 2022 12 hours ago, Adrienne said: I can't install it with 4.7. What seems to be the problem? Link to comment Share on other sites More sharing options...
teraßyte Posted July 23, 2022 Share Posted July 23, 2022 4 minutes ago, Miss_B said: What seems to be the problem? The file is not marked as compatible with 4.7 in the marketplace (only 4.5 & 4.6) so it won't show up in Admin CPs running 4.7. Miss_B 1 Link to comment Share on other sites More sharing options...
Miss_B Posted July 24, 2022 Author Share Posted July 24, 2022 On 7/23/2022 at 6:15 AM, Adrienne said: I can't install it with 4.7. Hello. I have edited the app to update the version compatiility field to include the 4.7 version as well. Currently it is waiting approval. Once it gets approved you can download it from your Acp. Link to comment Share on other sites More sharing options...
iiioroh Posted October 29, 2022 Share Posted October 29, 2022 Invision Community 4.7.4 Beta 2 Error when logging in as user Miss_B 1 Link to comment Share on other sites More sharing options...
Miss_B Posted October 29, 2022 Author Share Posted October 29, 2022 10 hours ago, iiioroh said: Invision Community 4.7.4 Beta 2 Error when logging in as user I 've adjusted the code in the widget to suppress the OutOfRangeException error and uploaded the new package. Thank you for bringing this to my attention. iiioroh 1 Link to comment Share on other sites More sharing options...
Christopher Iosca Posted November 23, 2022 Share Posted November 23, 2022 I receive this error when attempting to look at users. I am in the only group approved to see this. Link to comment Share on other sites More sharing options...
Miss_B Posted November 23, 2022 Author Share Posted November 23, 2022 17 minutes ago, Christopher Iosca said: I receive this error when attempting to look at users. I am in the only group approved to see this. It looks like the permissions are not set. Can you double check them? Link to comment Share on other sites More sharing options...
Christopher Iosca Posted November 25, 2022 Share Posted November 25, 2022 Which permissions am I missing? I have the allowed group set and also I and others are in that group. Link to comment Share on other sites More sharing options...
Christopher Iosca Posted November 29, 2022 Share Posted November 29, 2022 Still need help with this. Permissions are ok per the images supplied. What am I missing? Link to comment Share on other sites More sharing options...
Miss_B Posted November 29, 2022 Author Share Posted November 29, 2022 36 minutes ago, Christopher Iosca said: Still need help with this. Permissions are ok per the images supplied. What am I missing? I can't reproduce this. Can you send me the link to your Admin Panel with an account log in info and I will look into this for you. Link to comment Share on other sites More sharing options...
Recommended Posts