Affects Version/s: 6.0.12 EE
Fix Version/s: None
Environment:win 7, mysql, tomcat bundle
Similar Issues:Show 4 results
LPS-40484 WebDAV doesn't adhere to document library permission rules in resource-action-mapping LPS-14143 Created User does not adhere to the restrictions of Sample Drools Portlet LPS-37994 User with a required permissions is unable to Export/Import LPS-39552 Duplicate Blogs: View permissions in User permissions.
Currently, the User Exporter exports ALL users, no matter which users the current user is allowed to see in the control panel.
- Create user: exporttest
- Create user: random user
- Create role: allowexport, assign permission: Portal -> General -> Export User
- Create organization: exporttestorg
- Assign user exporttest to organization exporttestorg
- Make user exporttest organization administrator
- Login with user exporttest
- Access control panel via <host>/group/control_panel, click on Users
- User exporttest only sees himself. (Because of organization membership, he only sees users of his organization)
- Click Export Users
- Open resulting csv file and see all users in the file
This violates view permissions established by organization membership.