Private room schedules not limited to admins

Bug #868567 reported by James Westby on 2011-10-05
This bug affects 1 person
Affects Status Importance Assigned to Milestone
James Westby

Bug Description


Only certain people get private rooms listed on the front page, however, if you know
the URL you can see the schedule for that room without even being logged in.

There should be a check in the by-room view to 404 private rooms.



James Westby (james-w) on 2011-10-05
Changed in summit:
status: New → Triaged
importance: Undecided → High
assignee: nobody → James Westby (james-w)
tags: added: lcq1-12
Chris Johnston (cjohnston) wrote :

Marking low since all you are seeing when visiting this URL is "Private Meetings." If people aren't marking their meeting private, then they would be displayed, but not marking your meeting as private also has other possible implications.

Changed in summit:
importance: High → Low
José Antonio Rey (jose) wrote :

And instead of a 404 it should throw a 403

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers