Group History does not respect group security #5043
Labels
Status: Confirmed
It's clear what the subject of the issue is about, and what the resolution should be.
Type: Bug
Confirmed bugs or reports that are very likely to be bugs.
x-Fixed in v13.7
Prerequisites
Description
The Group History block shows groups even though current person does not have view access to that group. In screenshot below, Ted Decker does not have view access to the "Abuse Care" group. The Group List block correctly does not show that group, but the group history block does:
Ted can also see in Jenny's history when she was added to that group:
Steps to Reproduce
Expected behavior:
User is not able to see anything related to the group they do not have View access to.
Actual behavior:
The person can see the group in the group history chart and in the person's history.
Versions
The text was updated successfully, but these errors were encountered: