fix: remove "All" permission for Workspace #19496
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## develop #19496 +/- ##
===========================================
+ Coverage 65.41% 65.49% +0.08%
===========================================
Files 755 755
Lines 74475 73895 -580
Branches 6126 6133 +7
===========================================
- Hits 48715 48398 -317
+ Misses 22266 21921 -345
- Partials 3494 3576 +82
This will not work, since the user doesn't have access to Workspace he/she cannot use `get_all` or `get_list`
Did you test it? It does work 😅
My bad, it works 😅
Before:
After:
Everything else should remain unchanged.
"All" users were able to open the workspace list and see everyone else's workspace and, by extension, their email ids. This becomes a problem in big systems where users cannot, for legal reasons, see everybody's email ids.
We had some `get_list` calls that `workspace.py` uses internally, which I had to change to `get_all`. From a security perspective, this changes nothing (before, everyone had permissions, now they get ignored).

Internal reference: LAN-619