[FIX] website_slides: do not allow fullscreen to bypass ACLs
Currently fullscreen takes all information from categorized slides to display its menu. In order to avoid calls to server some information is prepared in DOM to speedup loading. It means slide information is available even when not being member of a course which leads to some content leak. This commit fixes that by correctly checking that a slide can be accessed before allowing to have access to its information and embedded code. Access of a slide is either member of a course, either course publisher. Task 2058595 (eLearning v13 testing) Task 2064112 (fullscreen bug report)
Showing
- addons/website_slides/static/src/js/slides_course_fullscreen_player.js 7 additions, 5 deletions...e_slides/static/src/js/slides_course_fullscreen_player.js
- addons/website_slides/views/website_slides_templates_lesson.xml 15 additions, 5 deletions.../website_slides/views/website_slides_templates_lesson.xml
- addons/website_slides/views/website_slides_templates_lesson_fullscreen.xml 18 additions, 3 deletions...ides/views/website_slides_templates_lesson_fullscreen.xml
Loading
Please register or sign in to comment