-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Databases with no permission are still shown as search results #22695
Labels
Administration/Permissions
Collection or Data permissions
.Backend
Organization/Search
Priority:P2
Average run of the mill bug
.Regression
Bugs that were previously fixed and/or bugs unintentionally shipped with new features.
.Reproduced
Issues reproduced in test (usually Cypress)
Type:Bug
Product defects
Milestone
Comments
flamber
added
Priority:P2
Average run of the mill bug
Administration/Permissions
Collection or Data permissions
.Backend
Organization/Search
.Regression
Bugs that were previously fixed and/or bugs unintentionally shipped with new features.
and removed
.Needs Triage
labels
May 13, 2022
Regression since 0.40.0 - 👋 @jeff303 |
nemanjaglumac
added a commit
that referenced
this issue
Jul 7, 2022
nemanjaglumac
added a commit
that referenced
this issue
Jul 8, 2022
This was referenced Dec 13, 2022
Merged
This was referenced Oct 27, 2023
This was referenced Jan 11, 2024
This was referenced Feb 5, 2024
Merged
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Administration/Permissions
Collection or Data permissions
.Backend
Organization/Search
Priority:P2
Average run of the mill bug
.Regression
Bugs that were previously fixed and/or bugs unintentionally shipped with new features.
.Reproduced
Issues reproduced in test (usually Cypress)
Type:Bug
Product defects
Describe the bug
Even if the user does not have access to a database, it is still shown in the search results from the main screen search widget.
Logs
N/A
To Reproduce
Steps to reproduce the behavior:
/browse/N-database-name
Expected behavior
This database shouldn't be shown as a search result since there are no permissions for it
Screenshots
Information about your Metabase Installation:
You can get this information by going to Admin -> Troubleshooting.
v1.41.7
Severity
Low - no permission escalation, but even names might be sensitive?
Additional context
The text was updated successfully, but these errors were encountered: