Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Inactive
    • Affects Version/s: 6.0.12 EE
    • Fix Version/s: None
    • Component/s: User Management
    • Environment:
      win 7, mysql, tomcat bundle
    • Fix Priority:
      2

      Description

      Currently, the User Exporter exports ALL users, no matter which users the current user is allowed to see in the control panel.
      Steps:

      • Create user: exporttest
      • Create user: random user
      • Create role: allowexport, assign permission: Portal -> General -> Export User
      • Create organization: exporttestorg
      • Assign user exporttest to organization exporttestorg
      • Make user exporttest organization administrator
      • Login with user exporttest
      • Access control panel via <host>/group/control_panel, click on Users
      • User exporttest only sees himself. (Because of organization membership, he only sees users of his organization)
      • Click Export Users
      • Open resulting csv file and see all users in the file

      This violates view permissions established by organization membership.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 48 weeks, 2 days ago