Grouper
  1. Grouper
  2. GRP-715

secure member search and sort

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Invalid
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.0.2
    • Component/s: API
    • Labels:
      None

      Description

      search searching for a member of a group using the member search and sort, you shouldnt be able to see groups you cannot VIEW (or privs which imply VIEW). It now takes the GrouperSession into account when searching and wont return groups which the user isnt allowed to see. Note, we need to somehow allow the user to securely search for them though... under discussion...

        Activity

        Hide
        Chris Hyzer added a comment -
        This is not true, if you can READ a group, then you will be able to VIEW all its members implicitly, even if you dont have that privilege on the member group object
        Show
        Chris Hyzer added a comment - This is not true, if you can READ a group, then you will be able to VIEW all its members implicitly, even if you dont have that privilege on the member group object

          People

          • Assignee:
            Chris Hyzer
            Reporter:
            Chris Hyzer
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: