strongloop / loopback-example-access-control

An example demonstrating LoopBack access control mechanisms.

Access Control Bug? #114

Closed Selichio closed 6 years ago

Selichio commented 7 years ago

Hello guys,

I just tried this example because I have a similar use case. After testing it, I found some slightly confusing things; it looks like a bug to me.

Here is my explanation: In the case where John creates another project (3) and is the owner and sole member, Jane is also granted access to get information about project 3 using the REST endpoint for it (/api/projects/3...).

In my use case (and I think in this one too), this should be forbidden, because Jane is only a member of the first project and not of the third one.

Hope you understand my explanation - Greetings :)
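
The distinction the report above turns on, as an added JavaScript illustration (not code from this repository or from LoopBack, and not part of the comment): a membership check scoped to a project's owner versus one scoped to the project itself. The data model, user ids and function names are assumptions constructed for the example.

```javascript
// Constructed sample data mirroring the scenario in the report (hypothetical model).
const projects = [
  { id: 1, ownerId: 'john' },
  { id: 3, ownerId: 'john' }, // John is owner and sole member
];
// Membership rows are keyed to one project, not to an owner.
const memberships = [{ projectId: 1, userId: 'jane' }];

// Owner-scoped check: membership in ANY project of the same owner is accepted.
// This reproduces the behaviour the report describes.
function isMemberOwnerScoped(userId, projectId) {
  const project = projects.find(p => p.id === projectId);
  if (!project) return false;
  if (project.ownerId === userId) return true;
  const sameOwner = new Set(
    projects.filter(p => p.ownerId === project.ownerId).map(p => p.id));
  return memberships.some(m => m.userId === userId && sameOwner.has(m.projectId));
}

// Project-scoped check: the membership row must name the requested project.
function isMemberProjectScoped(userId, projectId) {
  const project = projects.find(p => p.id === projectId);
  if (!project) return false;
  if (project.ownerId === userId) return true;
  return memberships.some(m => m.userId === userId && m.projectId === projectId);
}

// Gate for a read of /api/projects/:id; returns the HTTP status to send.
function authorizeRead(check, userId, rawId) {
  if (!userId) return 401;                 // unauthenticated
  const id = Number(rawId);                // route params arrive as strings
  if (!Number.isInteger(id)) return 400;   // reject malformed ids before lookup
  return check(userId, id) ? 200 : 403;    // unknown projects are denied as well
}

// Jane requests project 3 under each policy.
console.log(authorizeRead(isMemberOwnerScoped, 'jane', '3'));
console.log(authorizeRead(isMemberProjectScoped, 'jane', '3'));
```

A regression test for this class of issue asserts the negative case explicitly: a member of one project must receive a denial on a sibling project with the same owner.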

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 6 years ago

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.

Selichio commented 6 years ago

?