Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-25476

Mail subscriptions ignoring users space permission

XMLWordPrintable

      according to CONF-25213 notifications with confidential information are sent though eMail "popular content" to users who don't have permissions to a specific space! ouch

      Didn't tested 4.2.2 yet. If it's fixed, please close

            [CONFSERVER-25476] Mail subscriptions ignoring users space permission

            Steve Lancashire (Inactive) added a comment -

            This was fixed with CONF-25284 with commit 03783b5ae4756bd88f6bb477565e66a20974d23c. This went into 4.2.3, in reviewing this I've added another unit test.

            Steve Lancashire (Inactive) added a comment - This was fixed with CONF-25284 with commit 03783b5ae4756bd88f6bb477565e66a20974d23c. This went into 4.2.3, in reviewing this I've added another unit test.

            childnode added a comment - - edited

            Yes, the user who got mails didn't have any rights to use confluence (they are not entitled in any group which is used in global Permissions to grant access to the private wiki).
            The user is entitled in another group, which have been granted access to a specific space.

            So as far as I can reproduce: Users are getting notifications for all spaces they are entitled to granted space permission groups nevertheless user is entitled in a global permission group with "can-login" rights.
            ^ That's the pity.

            A first "login" is not needed when using crowd as user directory where users are created automatically on sync!

            childnode added a comment - - edited Yes, the user who got mails didn't have any rights to use confluence (they are not entitled in any group which is used in global Permissions to grant access to the private wiki). The user is entitled in another group, which have been granted access to a specific space. So as far as I can reproduce: Users are getting notifications for all spaces they are entitled to granted space permission groups nevertheless user is entitled in a global permission group with "can-login" rights. ^ That's the pity. A first "login" is not needed when using crowd as user directory where users are created automatically on sync!

            Don Willis added a comment -

            Hi Marcel,

            what do you mean by "is no global confluence-user"? Users don't have to be in "confluence-users" in order to use Confluence, although it is the regular way. I recommend you file a support request at support.atlassian.com to look more carefully at your situation. As much as CONF-25213 will make a difference, it shouldn't be required for the situation you're describing.

            Are you sure the users you're talking about don't actually have permission to use Confluence, even though they've never done so?

            Don Willis added a comment - Hi Marcel, what do you mean by "is no global confluence-user"? Users don't have to be in "confluence-users" in order to use Confluence, although it is the regular way. I recommend you file a support request at support.atlassian.com to look more carefully at your situation. As much as CONF-25213 will make a difference, it shouldn't be required for the situation you're describing. Are you sure the users you're talking about don't actually have permission to use Confluence, even though they've never done so?

            childnode added a comment -

            ok...digged into the permissions. Seems to user was entitled to a group which has space permissions but is no global confluence-user. So: might be fixed within CONF-25213
            Didn't tested other constellations yet.

            childnode added a comment - ok...digged into the permissions. Seems to user was entitled to a group which has space permissions but is no global confluence-user. So: might be fixed within CONF-25213 Didn't tested other constellations yet.

              slancashire Steve Lancashire (Inactive)
              c34ad611bdfc childnode
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: