Similar to: #9849
Steps to reproduce
create a folder as alice user
as alice, create some files and perform some actions (edit/delete) in folder
as demo user, check the folder activities using resource(folder) id with cURL request:
curl 'https://localhost:9200/graph/v1beta1/extensions/org.libregraph/activities?kql=itemid%3A{folder-fileid}' \
  -udemo:demo -vk | jq
{"value": [ { ... # activities } ]}
Expected behavior
Expected not to get the list of activities when requested by random user.
Actual behavior
Gets the list of all the activities in the folder.
I prioritized as prio2 because IMHO it's a security hole
Steps:
admin
f1
einstein
spaceuuid
curl 'https://localhost:9200/graph/v1beta1/extensions/org.libregraph/activities?kql=itemid%3A{spaceUUId}' \
  -ueinstein:relativity -vk | jq
expected: 403 error
Actual: einstein can see all actions of the admin personal space 🤯
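The behaviour both reports expect, as an added Go sketch that is not code from the project or from this thread: the handler authorizes the caller against the item named in the `kql` filter before any activity is returned. The `grants` map, `activitiesHandler`, `statusFor`, the item ids and the password are hypothetical stand-ins.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// grants is a constructed stand-in for the permission store: item id -> readers.
var grants = map[string]map[string]bool{
	"folder-fileid": {"alice": true},
	"admin-space":   {"admin": true},
}

// activitiesHandler checks that the caller may read the item in the kql
// filter before any activity is looked up or written to the response.
func activitiesHandler(w http.ResponseWriter, r *http.Request) {
	user, _, ok := r.BasicAuth() // password verification omitted in this sketch
	if !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	kql := r.URL.Query().Get("kql")
	itemID := strings.TrimPrefix(kql, "itemid:")
	if itemID == kql || itemID == "" { // prefix missing or id empty
		http.Error(w, "unsupported kql", http.StatusBadRequest)
		return
	}
	if !grants[itemID][user] { // unknown item and missing grant are treated alike
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	json.NewEncoder(w).Encode(map[string]interface{}{"value": []string{"activity on " + itemID}})
}

// statusFor sends one request as user and returns the HTTP status code.
func statusFor(user, itemID string) int {
	req := httptest.NewRequest("GET", "/graph/v1beta1/extensions/org.libregraph/activities?kql=itemid%3A"+itemID, nil)
	req.SetBasicAuth(user, "constructed-password")
	rec := httptest.NewRecorder()
	activitiesHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("alice", "folder-fileid"), statusFor("demo", "folder-fileid"), statusFor("einstein", "admin-space"))
}
```

The same three requests make a regression test for the real endpoint: the owner gets 200, while demo and einstein get the 403 the second report expects.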