#7204 [RFE] Do not display user list in FreeIPA WebUI self-service
Closed: wontfix 11 months ago by rcritten. Opened 2 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1494870

Description of problem:
When accessing FreeIPA server web ui from any IPA user with lowest privileges
in system it is visible two tabs, Users, OTP Tokens. If user clicks OTP Tokens
tab and back to Users tab all users in enterprise are being listed to the
unauthorized user.

Version-Release number of selected component (if applicable):
ipa-server-4.5.0-21.0.1.el7_4.1.2.x86_64

Steps to Reproduce:
1. Login to FreeIPA WebUI with any user with minimal privileges.
2. Click to OTP Tokens tab.
3. Click back to Users tab.

Actual results:
All users registered in FreeIPA server are visible.

Expected results:
I expect to see userlist only if the user is authorized to do it.

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1494870

2 years ago

Metadata Update from @pvoborni:
- Issue priority set to: minor

2 years ago

Metadata Update from @stsymbal:
- Issue tagged with: rfe, webui

a year ago

Closing as wontfix, this is working as designed.

The users are POSIX users after all so visible anyway.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

11 months ago

Login to comment on this ticket.

Metadata