Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-715

secure member search and sort

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.0.2
    • Component/s: API
    • Labels:
      None

      Description

      search searching for a member of a group using the member search and sort, you shouldnt be able to see groups you cannot VIEW (or privs which imply VIEW). It now takes the GrouperSession into account when searching and wont return groups which the user isnt allowed to see. Note, we need to somehow allow the user to securely search for them though... under discussion...

        Activity

        Hide
        mchyzer Chris Hyzer added a comment -

        This is not true, if you can READ a group, then you will be able to VIEW all its members implicitly, even if you dont have that privilege on the member group object

        Show
        mchyzer Chris Hyzer added a comment - This is not true, if you can READ a group, then you will be able to VIEW all its members implicitly, even if you dont have that privilege on the member group object

          People

          • Assignee:
            mchyzer Chris Hyzer
            Reporter:
            mchyzer Chris Hyzer
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: