MantisBT - Piwigo
View Issue Details
0002977Piwigoalbumspublic2013.10.18 22:482013.10.18 23:03
plg 
plg 
normalminoralways
closedfixed 
2.5.2 
2.5.32.5.3 
any
Apache 1.3.x
0002977: move a public album into a private album may create inconsistent permissions
It is not easy to reproduce, here is a scenario:

1) create album "A" and set it as private, permitted to nobody
2) create album "A1", set it as private, permitted to "user1"
3) edit permissions of A1, don't remove "user1" and set is as "public"
4) move A1 into A

now A is permitted to nobody and A1 is permitted to user1, which is inconsistent. If album A1 is permitted to user1, then A should also be.
No tags attached.
Issue History
2013.10.18 22:48plgNew Issue
2013.10.18 22:48plgStatusnew => assigned
2013.10.18 22:48plgAssigned To => plg
2013.10.18 22:48plgbrowser => any
2013.10.18 22:48plgWeb server => Apache 1.3.x
2013.10.18 22:56svnCheckin
2013.10.18 22:56svnNote Added: 0007150
2013.10.18 23:02svnCheckin
2013.10.18 23:02svnNote Added: 0007151
2013.10.18 23:03plgStatusassigned => closed
2013.10.18 23:03plgResolutionopen => fixed
2013.10.18 23:03plgFixed in Version => 2.5.3

Notes
(0007150)
svn   
2013.10.18 22:56   
[Subversion] r24986 by plg on branch 2.5

-----[Subversion commit log]----------------------------------------------------
bug 2977 fixed: when moving an album, whatever the previous status
private/public we must remove irrelevant permissions (a public album
can have hidden permission, ie list of groups/users permitted). I've
also found a bug in the algorithm that selects users/groups to delete
(reverse parameters in array_diff).
(0007151)
svn   
2013.10.18 23:02   
[Subversion] r24987 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r24986 from branch 2.5 to trunk

bug 2977 fixed: when moving an album, whatever the previous status
private/public we must remove irrelevant permissions (a public album
can have hidden permission, ie list of groups/users permitted). I've
also found a bug in the algorithm that selects users/groups to delete
(reverse parameters in array_diff).