Skip to content

1.0.3 - Fix user list popup for non-admin users

Latest
Latest

Choose a tag to compare

View all tags
@derneuere derneuere released this 27 Jun 17:53
· 2 commits to dev since this release
1.0.3
e01bfb9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Bug fixes

  • Fix the flood of "Required at results.N.…" popups shown to non-admin users on the main page (#1888, #1889).

    After the #1861 authorization hardening, GET /api/user/ returns the public-safe user serializer to non-admin users (the full serializer is reserved for admins and for a user viewing their own record). The frontend still validated every row against the full user schema, so every non-admin saw a validation-error popup on the main page. The list is now validated leniently, and the non-sensitive public_sharing flag is restored to the public serializer so the public-user discovery page keeps working. Sensitive fields (email, scan directory, Nextcloud credentials, superuser flag) remain hidden.

Full changelog: 1.0.2...1.0.3

Assets 2
Loading