-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Activities. Any user can get the resource's activities using the file-id #9860
Labels
Comments
This was referenced Sep 12, 2024
I prioritized as prio2 because IMHO it's the security hole |
Steps:
expected: 403 error Actual: einstein can see all action of the admin personal space 🤯 |
ScharfViktor
added
the
Priority:p1-urgent
Consider a hotfix release with only that fix
label
Sep 18, 2024
github-project-automation
bot
moved this from Prio 1
to Done
in Infinite Scale Team Board
Sep 18, 2024
This was referenced Sep 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Similar to: #9849
Steps to reproduce
create a folder as
alice
useras
alice
, create some files and perform some actions (edit/delete) in folderas
demo
user, check the folder activities using resource(folder) id with cURL request:Expected behavior
Expected not to get the list of activities when requested by random user.
Actual behavior
Gets the list of all the activities in the folder.
The text was updated successfully, but these errors were encountered: