Problem/Motivation

As an authenticated user, I should not be able to access another user's profile.

Steps to reproduce

  • Log in as an authenticated user
  • The user should not have access to the following paths for other users (but should have access to their own if the appropriate permission is granted):
    • /user/{uid}/information
    • /user/{uid}/stream
    • /user/{uid}/topics
    • /user/{uid}/events
    • /user/{user}/albums
    • /user/{user}/followers
    • /user/{user}/groups
    • /user/{user}/invitations
    • /user/{user}/group-invites
    • /user/{user}/event-invites

Proposed resolution

Alter access for all Views routes that have the path pattern /user/{user}*
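
One way to implement the proposed resolution in Drupal 8+, as an added example that is not the project's actual fix: a route subscriber that attaches an owner check to every Views route under /user/{user} or /user/{uid}. The module name `example_profile_access`, the class name, and the use of the core `administer users` permission as a bypass are assumptions.

```php
<?php

namespace Drupal\example_profile_access\Routing;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Routing\RouteSubscriberBase;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\Routing\RouteCollection;

/**
 * Limits Views pages under /user/{user}/... to the profile owner.
 *
 * Hypothetical module "example_profile_access"; register this class as a
 * service tagged "event_subscriber" in example_profile_access.services.yml.
 */
class ProfileViewsRouteSubscriber extends RouteSubscriberBase {

  /** Matches both placeholder names used by the paths listed in the issue. */
  const OWNER_PATH = '#^/user/\{(user|uid)\}(/|$)#';

  protected function alterRoutes(RouteCollection $collection) {
    foreach ($collection->all() as $name => $route) {
      // Views page displays get route names of the form view.<id>.<display>.
      if (strpos($name, 'view.') === 0 && preg_match(self::OWNER_PATH, $route->getPath())) {
        // Added next to the view's own access requirement; Drupal requires
        // every check on a route to pass. Replaces any prior _custom_access.
        $route->setRequirement('_custom_access', static::class . '::access');
      }
    }
  }

  public function access(AccountInterface $account, RouteMatchInterface $route_match) {
    // Raw value, so the check works whether or not the parameter is upcast.
    $owner = $route_match->getRawParameter('user') ?? $route_match->getRawParameter('uid');
    $is_owner = $account->isAuthenticated()
      && $owner !== NULL && ctype_digit((string) $owner)
      && (int) $owner === (int) $account->id();
    // Neutral (not allowed) for everyone else unless they hold the bypass
    // permission (assumption: "administer users").
    return AccessResult::allowedIf($is_owner)
      ->cachePerUser()
      ->addCacheContexts(['route'])
      ->orIf(AccessResult::allowedIfHasPermission($account, 'administer users'));
  }

}
```

Because the check is added alongside each view's existing requirement, the owner still needs whatever permission the view itself demands.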

Comments

vnech created an issue. See original summary.

Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.