QuickNotes displaying for all Authenticated Users

Jun 26, 2012 at 9:38 PM

Something you may have already known, but the QuickNotes module displays for all authenticated users in v2.6 out-of-the-box.  Wrapping QuickNotes instantiation in a Security.IsAuthorizedTo() is only partially effective for multiple blogs, since if a user has Rights in ANY blog he sees the QuickNotes Module on all blogs...

public QuickNotes(string user)
{
    if (Security.IsAuthorizedTo(Rights.CreateNewPosts))
    {
        author = user;
        cacheKey = user + "_" + "QuickNotes";
        cacheKeySettings = user + "_" + "QuickSettings";
    }
}

Coordinator
Jun 26, 2012 at 10:22 PM
Edited Jun 26, 2012 at 10:37 PM

Are you sure? Just checked it running 2.6.0.7, logged into one blog and it only shows me q-notes for this blog, not others. Which is what it supposed to, because that cache key used withing cache for current instance:

 

if (Blog.CurrentInstance.Cache[cacheKey] == null)
{
	var n = BlogService.FillQuickNotes(author);
	Blog.CurrentInstance.Cache[cacheKey] = n;
}
return (List<QuickNote>)Blog.CurrentInstance.Cache[cacheKey];

 

And then it uses current instance along with user id in the service:

 

.Where(s => s.Author == userId && s.BlogId == Blog.CurrentInstance.Id)

Also checked updates between 2.6 and 2.6.0.7 and nothing seems to change for notes.

Jun 27, 2012 at 1:36 AM

Rtur,

I'll spend a little more time on it, but yeah, I'm sure about it's behavior.  Will post any updates.

Thanks,
Dave