RBAC control to deny user password copy is not working.

passbolt / passbolt_api

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

https://passbolt.com

GNU Affero General Public License v3.0

4.73k stars 311 forks source link

RBAC control to deny user password copy is not working. #505

Closed abhi-bay closed 10 months ago

abhi-bay commented 11 months ago

ISSUE NAME: RBAC control to deny user password copy is not working.

Passbolt Version: V 4.4.2

What you did

In RBAC, under Passwords, I set "can copy" value to Deny for user.

What happened

Through the browser extension as well as through the UI, I am able to click on the password to copy it to clipboard.

What you expected to happen

Setting "Can copy" to Deny for a user should mean that the user cannot copy the password to clipboard. Note that deny for "Can Preview" works just fine. But deny for "Can copy" does not work as expected.

ishanvyas22 commented 11 months ago

Hey @abhi-bay, thanks for reporting the issue. We have created an internal ticket(PB-29213) to investigate.

scadra commented 10 months ago

Hey @abhi-bay,

We have tried to reproduce the issue without success, can you provide more information :

Which API version are you using
Which browser version
Which Browser extension version

Thanks in advance

abhi-bay commented 10 months ago

@scadra I tried to re-create this in production, and was unable to. I am closing this issue. Thank you for checking.

Abhi

abhi-bay commented 10 months ago

closing

scadra commented 10 months ago

@abhi-bay thanks for your answer, with pleasure