Forum .LRN Q&A: Re: what is the privilege structure of dotLRN?

Posted by Lars Pind on

I've fixed bug #214:

so that the 'read_private_data' flag is now consistently a per-user flag, not per-user-per-community.

Can you please verify that this is the intended behavior for now?

There's still a bug that users can get to the private data through URL surgery, but I don't see any solution to that other than either a major hack or a major redesign.