passbolt / passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0

Sharing folders leads to issues when the owner is removed while promoting another user as the new owner #503

Open remote-tty1 opened 8 months ago

remote-tty1 commented 8 months ago

Platform info

  • Passbolt Version affected: v4.4.2
  • Platform: Docker (passbolt docker image nonroot ce)
  • Database server: MariaDB 10.11.5

How to reproduce:

  1. Share a multilevel folder tree directly from the root folder, for example:

    • company01 <-- folder with subfolders

      • administration <-- folder with credentials
      • itops <-- folder with credentials
      • devs <-- folder with credentials
      • top_management <-- folder with credentials

      User A is the sole owner of the root folder, no one else has access.

  2. Now share the root folder (company01 in the previous example) with user B and, while doing so, promote user B as the new Owner and remove user A from the list.

  3. Now log in to user B's account; you will see that all the credential objects are now under the "all items" section and the folders on the left are all on one level with no credentials in them, like this:

    • company01
    • administration
    • itops
    • devs
    • top_management

What I would expect:

stripthis commented 8 months ago

Thanks for the report, we'll look into it.

pbek commented 4 months ago

Owners should only be removed by other Owners and cannot remove themselves (not a bad practice IMHO)

This just happened to me! I removed myself in the UI and don't even know how this happened!

I opened https://github.com/passbolt/passbolt_api/issues/516 for this...