This is a security problem: although anonymous users have no read access to jobtickets nodes, they still can search through its entire contents!

Comments

jeremy’s picture

jeremy commented
Title: Anonymous users can fully search through tickets » Limit searches to tickets user has access to
Category: bug » feature

Marking as a feature request: integrate Jobtrack with search to check permissions and only allow users to be able to search tickets that they can access. It has been on my internal TODO list for a while, moving here now to track until it happens.

Patches are welcome.

jeremy’s picture

jeremy commented
Status: Active » Fixed

Feature committed.

roball’s picture

roball commented

Excellent! Thank you - now working fine :-)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.