Users are able to see restricted dependencies and risks in global search / with shared link

XMLWordPrintable

      Issue Summary

      When searching for Dependencies/Risks in the search menu, items show despite the user not having any related team memberships. Users are able to access restricted Risks but not dependencies.

      Steps to Reproduce

      1. Have some Dependencies/Risks
      2. Have a test user with a non-admin role, with Dependencies and Risks toggles enabled
        1. The user should NOT be a member of any teams
        2. Navigate to Risks and Dependencies grid, clear filters, and observe that no items are available
      3. Open search and search for the above dependencies/risks
      4. Observe that items show
      5. Click on a Risk - it opens up

      Expected Results

      Since users are not able to see the restricted items via item grids, search results should not show them either.

      Users should not be able to access the restricted Risks. 

      Actual Results

      Search shows restricted items.

      Users are able to access restricted Risks through Search.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.

        1. image-2024-06-17-14-57-03-276.png
          image-2024-06-17-14-57-03-276.png
          82 kB

            Assignee:
            Juan Arias
            Reporter:
            Kirill Duplyakin
            Votes:
            3 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: