New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

All dashboards shown in dropdown when adding widget to dashboards #3693

Closed
svanschie opened this Issue Apr 7, 2017 · 1 comment

Comments

Projects
None yet
4 participants
@svanschie

svanschie commented Apr 7, 2017

Expected Behavior

Only the dashboards the user has edit permissions on should be shown.

Current Behavior

Currently all dashboards of all users are shown, even those the user has no permissions on at all.

Steps to Reproduce (for bugs)

  1. Create two users with their own dashboard and permissions
  2. Login as one of those users
  3. Create a widget in the search
  4. Click the 'add to dashboard' button. The dropdown now also shows the dashboard of the other user.

Your Environment

  • Graylog Version: 2.2.3-1

@edmundoa edmundoa self-assigned this Apr 10, 2017

@svanschie

This comment has been minimized.

svanschie commented Apr 10, 2017

Ran into some other issues which also gave me some more information on this. It appears to be related to browser caching. When logging out as one user and then logging in as another one, you still see the dashboard list (in the 'add to dashboard' dropdown) of the other user. When doing a hard refresh in browser, you will only see the dashboards the user has access to.

edmundoa added a commit that referenced this issue Apr 11, 2017

Invalidate dashboards data after logout
Listen to SessionStore events to ensure we reset the dashboards after a
logout, so users are not able to see data from previous sessions.

Fixes #3693

@joschi joschi added this to the 2.3.0 milestone Apr 12, 2017

@joschi joschi closed this in #3700 Apr 12, 2017

@wafflebot wafflebot bot removed the in progress label Apr 12, 2017

joschi added a commit that referenced this issue Apr 12, 2017

Invalidate dashboards data after logout (#3700)
Listen to SessionStore events to ensure we reset the dashboards after a
logout, so users are not able to see data from previous sessions.

Fixes #3693
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment