security problem when access to individual social node
|Target version:||Bugs 1.2|
when you access to a social node using node get_data, get_image, etc, methods, LGS does not control if the viewer has access (privacy) to this information.
The only privacy the system have into account is getting the dictionary (fields) information. This is not enough, because there is only privacy for location fields, and other users could access to the rest of node information. You shouldnt even have the node, if you dont have perms.
When you make a search into a layer, there is no problem, because the system uses SQL queries that have into account the nodes visible for the viewer. Of course, after the search, it also uses the dictionary fields privacy.