The current specification requires search rights on all attributes in a search filter and the current implementation needs to enforce this to prevent the risk of revealing attribute values, which the user has no access.
But in OR filters this could be relaxed to attributes wich are used in determining a match, a filter element with an attribute with no access could always be false. But this would require a major rewrite how searches and access and filter matching are implemented.
This ticket is a placeholder for improvement in future releases
Metadata Update from @lkrispen: - Issue set to the milestone: FUTURE
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to None - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/913
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.