You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not sure how the cbox sql share manager is being used and I didn't actually verify my suspicion, but I believe the share manager doesn't properly distinguish between user and group shares when querying the received shares in https://github.com/cs3org/reva/blob/master/pkg/cbox/share/sql/sql.go#L331.
Looking at the query the share manager seems to return group shares to a user with the same name as the group even if the user is not part of the group and vice versa.
I'm not sure about the practical implications but it does look like a bug to me.
The text was updated successfully, but these errors were encountered:
@labkode the problem I was trying to highlight was that a if a user manages to sign up with the username "managers" they would see the "mangers" group share in their list of shares because the query compares the share_with field with both the username and the group names without taking the share type into account.
Does that make sense?
I'm not sure how the cbox sql share manager is being used and I didn't actually verify my suspicion, but I believe the share manager doesn't properly distinguish between user and group shares when querying the received shares in https://github.com/cs3org/reva/blob/master/pkg/cbox/share/sql/sql.go#L331.
Looking at the query the share manager seems to return group shares to a user with the same name as the group even if the user is not part of the group and vice versa.
I'm not sure about the practical implications but it does look like a bug to me.
The text was updated successfully, but these errors were encountered: