Details
-
Bug
-
Resolution: Fixed
-
Highest
-
10.95, 10.96
-
1
-
Severity 1 - Critical
-
No
Description
Issue Summary
- External Ideation Users are able to create ideas on a ideation group that they are not authorized to.
Steps to Reproduce
- Setup two Ideation Group: "Mozilla" ideation group and "Safari" ideation group
- Configure external URLs for each, and allow for external user registering
- Have an external user "John Doe" to register on Mozilla
- As a Jira Align Ideation Admin, authorize that user
- Have the user log in to Mozilla's external URL & file a new Idea
- Open a new tab (same browser)
- Browse to Safari's external URL
- Notice an error message (red toaster) like below
"An access request has been sent to this group's administrator." (see bug JIRAALIGN-3292 for details) - Get back to Mozilla tab
- Click Create New Idea button, type in as necessary, then Save
- Notice the new Idea gets created on Safari ideation group, not Mozilla
- Notice the user is able to open all Safari ideas displayed on the Ideation grid
Expected Results
- New ideas should be created on the Ideation group that the user is (a) authorized to and (b) logged in at the tab in focus currently.
Actual Results
- Browser cookies gets changed when browsing between two or more ideation groups
- Creating ideas after switching between tabs end up creating ideas in a different ideation group
- Unauthorized user gets access to ideas of a given ideation group
Workaround
- Currently there is no known workaround for this behavior. A workaround will be added here when available.
Attachments
Issue Links
- resolves
-
ALIGNSP-9676 Loading...