I'm in the process of running tests on this module before I fully configure it.
I created 2 user groups
A
B
I created two users and put one in each group
I then created a parent category and 2 child categories in phoca, one set to group A, one set to group B
I uploaded a file to each group then logged in with each user to check them. I noticed the following:
1. for some reason my site was not set to allow login. No idea why, but before I realized what the problem was, I screwed with group B's settings quite a bit. Put him in public, out of public, everywhere, trying to figure out why he couldn't log in.
2. After I sorted that, I returned group B to exactly as it was before it started, in terms of view permission, etc.
Logging in worked and the users could see their files, but group A, and logged out public users can fully access group Bs files. Group As files are properly secured.
I double checked group B, he is not set for public view. nor should group A be allowed to see his stuff either. I also double checked Phoca Download's settings, and the category is properly set for Group B, and public is not allowed to view that category.
Any ideas what is going on here? I thought maybe it was a caching issue. but I'm not sure how to clear this. The Joomla cache seems to already be empty.
I'm fully logged out, yet I can see group B's category and even go in and download the file.
[edit]
Not sure what the issue was, I solved it by deleting the access group and recreating it with the exact same parameters and it works fine.
Security messed up
-
Jan
- Phoca Hero
- Posts: 48610
- Joined: 10 Nov 2007, 18:23
- Location: Czech Republic
- Contact: