- Bug
- Resolution: Unresolved
- Low
- None
- 7.18.1
- None
- 7
- Severity 3 - Minor
- 1
Issue Summary
Normally, Confluence does not allow group names containing upper-case characters to be created. However, this check does not apply when group names are synchronized from an LDAP server, so group names that are all upper-case or a mix of upper-case and lower-case can be synchronized from LDAP servers.
When page restrictions are set via the REST API below for group names with mixed upper-case and lower-case characters, the pages can be viewed by members of these groups, but the pages do not appear in search results for those members.
REST API:
<confluence-base-url>/rest/experimental/content/<pageId>/restriction
This is reproducible on Data Center: (yes)
Steps to Reproduce
- Set up Confluence with an AD.
- Create a group whose name has a mix of upper-case and lower-case characters (e.g. AbCd), or more generally contains upper-case characters.
- Create a page.
- Use the REST API to update the page restrictions with the group name.
  <confluence-base-url>/rest/experimental/content/<pageId>/restriction
  [
    {
      "operation": "update",
      "restrictions": {
        "group": [],
        "user": [ { "type": "user", "username": "admin" } ]
      }
    },
    {
      "operation": "read",
      "restrictions": {
        "user": [ { "type": "user", "username": "admin" } ],
        "group": [ { "type": "group", "name": "AbCd" } ]
      }
    }
  ]
Expected Results
The restricted pages should be both viewable and searchable by members of groups whose names contain a mix of upper-case and lower-case characters.
Actual Results
The restricted pages are viewable but not searchable by members of groups whose names contain a mix of upper-case and lower-case characters.
Workaround
Use the Confluence UI to restrict the pages for the affected groups instead of the REST API.
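A pre-flight check to go with the workaround above, as an added example that is not part of the original issue or of Confluence itself: it scans a restriction payload in the shape shown in the reproduction steps and lists the group names that contain upper-case characters, so those restrictions can be applied through the UI instead. The function names and the sample payload are constructed for illustration; the check also rejects duplicate JSON keys, which `json.loads` would otherwise silently collapse to the last value.

```python
import json

# Constructed sample payload in the shape sent to
# /rest/experimental/content/<pageId>/restriction (group names are made up).
SAMPLE = """
[
  {"operation": "update",
   "restrictions": {"group": [], "user": [{"type": "user", "username": "admin"}]}},
  {"operation": "read",
   "restrictions": {"user": [{"type": "user", "username": "admin"}],
                    "group": [{"type": "group", "name": "AbCd"},
                              {"type": "group", "name": "confluence-users"}]}}
]
"""


def _reject_duplicate_keys(pairs):
    """json.loads keeps only the last duplicate key; fail loudly instead."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key in restriction object: {key!r}")
        seen[key] = value
    return seen


def find_case_affected_groups(payload_text):
    """Return sorted (operation, group name) pairs whose group name contains
    an upper-case character, i.e. the names this issue reports as affected."""
    entries = json.loads(payload_text, object_pairs_hook=_reject_duplicate_keys)
    affected = set()
    for entry in entries:
        operation = entry.get("operation", "<missing>")
        for group in entry.get("restrictions", {}).get("group", []):
            name = group.get("name", "")
            if name != name.lower():
                affected.add((operation, name))
    return sorted(affected)


if __name__ == "__main__":
    for operation, name in find_case_affected_groups(SAMPLE):
        print(f"{operation}: group {name!r} has upper-case characters; "
              "apply this restriction in the UI instead")
```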
- follows VULN-1074826
This is also causing issues with the Children Display macro. A page created and restricted using the REST API is not visible when using the Children macro, even though all descending pages are set to be displayed. A manually created page is visible without any issues.