[ZBX-12655] Users from different groups has access to all message content in event details Created: 2017 Sep 01 Updated: 2024 Apr 10 Resolved: 2018 Jan 04 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | API (A) |
Affects Version/s: | 3.0.10, 3.2.7, 3.4.1 |
Fix Version/s: | 3.0.14rc1, 3.2.11rc1, 3.4.5rc1, 4.0.0alpha1, 4.0 (plan) |
Type: | Problem report | Priority: | Major |
Reporter: | Viktors Tjarve | Assignee: | Gregory Chalenko |
Resolution: | Fixed | Votes: | 0 |
Labels: | api | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | Screenshot_with_marks.png | ||||||||||||
Issue Links: |
|
||||||||||||
Team: | Team C | ||||||||||||
Team: | Team C | ||||||||||||
Sprint: | Sprint 16, Sprint 17, Sprint 18, Sprint 19, Sprint 20, Sprint 21 | ||||||||||||
Story Points: | 0.5 |
Description |
Personal information inside alert messages can be viewed by all users who has rights to the host even if these users are not from the same user group. In event details of a recovery event message content should not be displayed where recipients are "Inaccessible user". How to reproduce:
Expected: Information about message actions is not visible to users from different user groups except to Superadmins. |
Comments |
Comment by Viktors Tjarve [ 2017 Sep 01 ] |
Server side fixed in |
Comment by Gregory Chalenko [ 2017 Sep 14 ] |
Resolved in development branch branches/dev/ZBX-12655 |
Comment by Vjaceslavs Bogdanovs [ 2017 Oct 03 ] |
(1) [F] No translation string changes CLOSED |
Comment by Gregory Chalenko [ 2017 Oct 20 ] |
(3) Please review changes made for branches 3.0 (branches/dev/ZBX-12655) and 3.2 (branches/dev/ZBX-12655-3.2) vjaceslavs Reviewed, CLOSED |
Comment by Gregory Chalenko [ 2017 Nov 23 ] |
Fixed in:
|
Comment by Ivo Kurzemnieks [ 2017 Dec 29 ] |
(5) [D] alert.get has changed output. API documentation is missing. gcalenko RESOLVED API documentation changes:
iivs Minor wording change. Other wise good. Thanks! |