Uploaded image for project: 'Hawkular'
  1. Hawkular
  2. HAWKULAR-868

Organization users list is visible to user not belonging to it

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.0.0.Alpha 9
    • 1.0.0.Alpha7
    • _am_uncertain
    • None

    Description

      In case a user gets the link to an organization membership page, he can see the members even if he doesn't belong to it. This should not be possible.

      A scenario which shows it:
      1. Login with jdoe, create an organization, go to it's members list page.
      2. Sign out
      3. Sign in with a different user which doesn't belong to the organization. After logging in, the user lands on the organization membership page, seeing the members.

      This can also happen with sharing the link directly of course, but the above scenario shows how it can happen without intention.

      Attachments

        Activity

          People

            jpkroehling@redhat.com Juraci Paixão Kröhling (Inactive)
            alexandrem_jira Alexandre Mendonça (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: