[pkg-horde] Bug#464058: turba access checking issue
Peter Paul Elfferich
pp at dia.uva.nl
Thu Feb 7 17:03:44 UTC 2008
Hey,
We just use a single, default, 'localsql' configuration (with use_shares =>
true).
Steps to reproduce this:
- Login as user A
- Select an entry from your private address book
- Select a contact list that is stored in a shared address book and click
'Add'
- You can view the contact list to check the address was added
- Logout and log back in as user B with access to the shared address book,
but not to user A's private address book
- View the same contact list and the address will have disappeared
- Logout and log back in as user A
- View the same contact list and the address to check the address has really
disappeared
I also verified this by looking at the entry data in the database. The entry
key is removed from the serialized object_members array of the shared
contact list at the moment user B views the contact list.
This wouldn't be a problem if it wouldn't be possible to add entries from
(in this case) your private address book to a contact list in a shared
address book. So I figure that should be patched as well.
Regards,
Peter Paul
On Feb 7, 2008 4:39 PM, Gregory Colpart <reg at evolix.fr> wrote:
> Hi,
>
> Could you give more details (sources.php, etc.) on this problem ?
>
> Regards,
> --
> Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-horde-hackers/attachments/20080207/24ad14a7/attachment-0001.htm
More information about the pkg-horde-hackers
mailing list