Groups - memberships - events - attendances need access control

affinityworks / main

Tools for building collaborative advocacy and social change.

https://affinity.works

GNU Affero General Public License v3.0

53 stars 13 forks source link

Groups - memberships - events - attendances need access control #318

Open rabble opened 7 years ago

rabble commented 7 years ago

If a user tries to view a group, memberships, events, or attendances of a group to which they shouldn't be able to manage they should be redirected somewhere else, either to the /root with a flash message if they aren't members, or to the public member version of the page if htey are a member but not an organizer.

rabble commented 7 years ago

You only got the controls for group and attendance but didn't do it for events or membership!

matinieves commented 7 years ago

@rabble Did you tested it? Were you able to access a page you should not?