Hi. I just found a wierd problem.
A user edit his profile fields and set some ones with any specific access, i.e. only for friends. When he logs off, all fields metadata are updated to public access (id=2). It is done when $user->save() is called. If I comment out that line on logout, the right access is preserved, but when the user login again, login() also call $user->save() with the same result.
I am trying to follow the stack of functions calls but it's very complicated, may be you know how this works.
Thanks in advance.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- morgar@morgar
morgar - 0 likes
You must log in to post replies.I found the guilty one, it's me :)
I'm calling login() before the plugins are loaded. If metadata is not marked as 'independent', their access_id are reset to the owner object access_id (I don't know why). Profile fields are set as 'independent' when the profile plugin is loaded, but the update was done before that.
I suspected it was a problem of sequence but now I don't know how to change it!