Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clear menus to invalidate auth when public mode is turned off #1097

Merged
merged 5 commits into from
Sep 18, 2024
Merged

Clear menus to invalidate auth when public mode is turned off #1097

merged 5 commits into from
Sep 18, 2024

Conversation

NikkiLacrima
Copy link
Contributor

@NikkiLacrima NikkiLacrima commented Sep 13, 2024
edited
Loading

Listening to LM_SETTING_EMPTY for "auth_public".
Uses RemoveMenuStride() to close menu listeners.

Should solve issue #1095

Basic inworld testing done and works so far.

HOW TO TEST:

Check that all normal collar menus still are working ok, with owner and a friend accessing the menus.

Set collar to public and let a co tester who is not owner try that RLV force sit works.
Then let the friend open a RLV/Forcesit meny and just keep it open.
Now change to non public, and after that the friend makes a force sit selection.

  • This should now have no effect at all, and friend have to reopen menu

For comparison try the same on a basic 8.2.3 collar

@NikkiLacrima
Merge pull request #10 from OpenCollarTeam/8.3_Features-branch
afcf5b4 
8.3 features branch
@NikkiLacrima
Merge pull request #11 from OpenCollarTeam/8.3_Features-branch
fa88090 
8.3 features branch
@NikkiLacrima
Update oc_dialog.lsl
db9a650 
Invalidate menus to force reauth when public mode is turned off.
@NikkiLacrima NikkiLacrima added 8.3 Target version 8.,3 Needs testing This issue needs volunteers to try to duplicate the error or identify a caues labels Sep 13, 2024
@Medea-Destiny
Copy link
Collaborator

Smart solution! How about we extend this with if(sStr=="auth_public" || sStr=="auth_group") to catch the same issue if authed on group and group access is removed?

For 8.4 with LSD auth levels, we can auth locally in oc_dialog listen event to provide fresh auth on each use of dialog. This current fix will mean trusted users lose active menus on changing public access which is a touch weird but a small price to pay to patch a security loophole in 8.3.

Medea-Destiny
Medea-Destiny approved these changes Sep 16, 2024
View reviewed changes
Copy link
Collaborator

@Medea-Destiny Medea-Destiny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks right to me

@Pingout
Copy link
Collaborator

Pingout commented Sep 18, 2024

Looks great.

@Pingout Pingout merged commit a15acb8 into OpenCollarTeam:8.3_Features-branch Sep 18, 2024
1 check passed
@NikkiLacrima NikkiLacrima deleted the NikkiLacrima-patch-1 branch October 11, 2024 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Medea-Destiny Medea-Destiny Medea-Destiny approved these changes

Assignees
No one assigned
Labels
8.3 Target version 8.,3 Needs testing This issue needs volunteers to try to duplicate the error or identify a caues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@NikkiLacrima @Medea-Destiny @Pingout