View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0002854SOGo IntegratorBackend Calendarpublic2014-07-11 09:312014-07-14 12:29
Reporterpienne Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionwon't fix 
Platform[Client] MicrosoftOSWindowsOS Version7
Product Version24.0.4 
Summary0002854: Administarors can view All events
Description

An administrator can view all event on any calendar

This only happens in Thunderbird, on the web interface events are displayed as (public event)

Steps To Reproduce

Server information
mysqld Ver 5.6.19 for Linux on x86_64 (MySQL Community Server (GPL))
CentOS 6.5 x64

Client Information
Windows 7 x64
Thunderbird 24.6
SOGo 2.2.6
SOGo Connector + Integrator 24.0.4
Lightning 2.6.5

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
related to 0002610 new SOGo Superuser can read source code of other user's appointments, but displayed as "(Public Event)" 

Activities

Christian Mack

Christian Mack

2014-07-14 08:16

developer   ~0007317

That is per design.
Admin users (SOGoSuperUser) must see everything.
How should they troubleshoot without this information?

See bug 0002610 for webinterface should show all events with all content.
pienne

pienne

2014-07-14 08:45

reporter   ~0007318

This should not be enabled by default even for Admin users.
It might be better to add a debug option that can enable this behavior.
This way even is an admin account is hacked not ever calendar is visible
Christian Mack

Christian Mack

2014-07-14 12:05

developer   ~0007321

I don't want to sound rude.
But if you don't want to use admin accounts, just don't add them to SOGoSuperUser.
francis

francis

2014-07-14 12:23

administrator   ~0007322

A super user must have super powers :)
ludovic

ludovic

2014-07-14 12:29

administrator   ~0007323

This is by design and we won't change this behaviour.

Issue History

Date Modified Username Field Change
2014-07-11 09:31 pienne New Issue
2014-07-14 08:16 Christian Mack Note Added: 0007317
2014-07-14 08:20 Christian Mack Relationship added related to 0002610
2014-07-14 08:45 pienne Note Added: 0007318
2014-07-14 12:05 Christian Mack Note Added: 0007321
2014-07-14 12:23 francis Note Added: 0007322
2014-07-14 12:29 ludovic Note Added: 0007323
2014-07-14 12:29 ludovic Status new => closed
2014-07-14 12:29 ludovic Assigned To => ludovic
2014-07-14 12:29 ludovic Resolution open => won't fix