Summit

Private room schedules not limited to admins

Bug #868567 reported by James Westby on 2011-10-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Summit	Triaged	Low	James Westby

Bug Description

Hi,

Only certain people get private rooms listed on the front page, however, if you know
the URL you can see the schedule for that room without even being logged in.

There should be a check in the by-room view to 404 private rooms.

Thanks,

James

Tags:

James Westby (james-w) on 2011-10-05

Changed in summit:
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → James Westby (james-w)

Chris Johnston (cjohnston) on 2011-12-01

tags:

added: lcq1-12

Revision history for this message

Chris Johnston (cjohnston) wrote on 2012-02-09:

Marking low since all you are seeing when visiting this URL is "Private Meetings." If people aren't marking their meeting private, then they would be displayed, but not marking your meeting as private also has other possible implications.

Changed in summit:
importance:	High → Low

Revision history for this message

José Antonio Rey (jose) wrote on 2012-09-29:

And instead of a 404 it should throw a 403

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.