Forum .LRN Q&A: Re: what is the privilege structure of dotLRN?

Collapse
Posted by Lars Pind on
Deidre,

I've fixed bug #214:

https://openacs.org/bugtracker/openacs/bug?bug%5fnumber=214

so that the 'read_private_data' flag is now consistently a per-user flag, not per-user-per-community.

Can you please verify that this is the intended behavior for now?

There's still a bug that users can get to the private data through URL surgery, but I don't see any solution to that other than either a major hack or a major redesign.

https://openacs.org/bugtracker/openacs/bug?bug%5fnumber=375

/Lars