Settings & Requests Controls Mistakenly Visible
Where: testing at we.riseup.net (August 17th, 2009).
Summary: The controls 'settings' and 'requests' for managing a committee (or a coordinating council) are exposed to users that do not permission to use these controls.
Details: A user can visit the public profile of a committee (or a coordinating council) and IF council membership is set to be publicly visible, then visiting user is also provided 'settings' and 'requests' controls (however these controls are non-functional). Note: this is true when user is NOT member of group associated with committee or council.
Example: This public page (https://we.riseup.net/bluestockings+collective) leads to membership list (https://we.riseup.net/groups/memberships/list/bluestockings+collective) where user is offered controls to which user does NOT have permission.
Expected: controls are NOT visible if non-functional.
Original Report: For groups moderated (with a coordinating council). Members not part of the council can still see the send invites and see request links under the members. They can not use them (says permission denied) but we can still see them. Please take them out Thanks!