Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Invite user" feature grants access to the default website, ignoring the selected website #19574

Closed
mattab opened this issue Jul 27, 2022 · 0 comments · Fixed by #19575
Closed

"Invite user" feature grants access to the default website, ignoring the selected website #19574

mattab opened this issue Jul 27, 2022 · 0 comments · Fixed by #19575
Assignees
@peterhashair
Labels
Bug For errors / faults / flaws / inconsistencies etc. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Regression Indicates a feature used to work in a certain way but it no longer does even though it should.
Milestone
4.11.0

Comments

@mattab
Copy link
Member

mattab commented Jul 27, 2022

When inviting a user using "Invite user" feature, and selecting a website (say ID=2) in the list to grant permission,
then after clicking INVITE USER button,
we can see that the user is granted the View permission to the first website in the list, rather than the website selected.

This is a security issue and should block release until fixed.
@mattab mattab added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. labels Jul 27, 2022
@mattab mattab changed the title "Invite user" feature grants access to the default website, ignoring the site "Invite user" feature grants access to the default website, ignoring the selected website Jul 27, 2022
@peterhashair peterhashair self-assigned this Jul 27, 2022
@peterhashair peterhashair mentioned this issue Jul 27, 2022
Merged
11 tasks
@peterhashair peterhashair linked a pull request Jul 27, 2022 that will close this issue
Params name not matching, caused first website granted not working #19575
Merged
11 tasks
@justinvelluppillai justinvelluppillai added Bug For errors / faults / flaws / inconsistencies etc. and removed Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. labels Jul 28, 2022
@sgiehl sgiehl added the Regression Indicates a feature used to work in a certain way but it no longer does even though it should. label Jul 28, 2022
@sgiehl sgiehl added this to the 4.11.0 milestone Jul 28, 2022
@sgiehl sgiehl closed this as completed Jul 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@peterhashair peterhashair

Labels
Bug For errors / faults / flaws / inconsistencies etc. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Regression Indicates a feature used to work in a certain way but it no longer does even though it should.
Projects
None yet
Milestone
4.11.0
Development

Successfully merging a pull request may close this issue.

Params name not matching, caused first website granted not working matomo-org/matomo
4 participants
@mattab @justinvelluppillai @sgiehl @peterhashair