google-code-export / cpassman

Automatically exported from code.google.com/p/cpassman
0 stars 0 forks source link

Restricted Items Still Can be Umasked via Find #243

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.Make item restricted to a role
2.Have a user with access to the folder but not part of the role search for the 
restricted item
3.Have user not part of the role click on the result from the search to 
navigate to the item
4.User that is not part of the role can unmask the item

What is the expected output? What do you see instead?
Expected output would be regardless if a user has access to a folder, if they 
are not part of the role then they should not be able to view items restricted 
to the role.

Instead my test user was able to search and find the restricted item (which is 
ok) but they are able to click on the key to navigate directly to the item and 
unmask it.

However, if they go directly to the item in the folder (not search) then they 
are not able to view it which is the expected result

What version of the product are you using?

Teampass 2.1.3

On what operating system? With what Browser (IEx, FFx, ...)
IE8, FF8

Please provide any additional information below.

I believe the simplest solution would be to just make restricted items not even 
show up in the search at all if the user account does not match the rules for 
that restriction. Similar to personal folder items. For example, personal 
folder items do not show up in search results for other users which perhaps is 
how it should be for restricted items.

Original issue reported on code.google.com by hexxamil...@gmail.com on 19 Jan 2012 at 4:38

GoogleCodeExporter commented 9 years ago
Hi there,
Ok corrected in next 2.1.4.
Thanks

Original comment by nils.cpa...@gmail.com on 5 Feb 2012 at 5:24

GoogleCodeExporter commented 9 years ago
Awesome!

Original comment by hexxamil...@gmail.com on 6 Feb 2012 at 12:02