Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MM-54366 Check guest access to other members #4871

Merged
merged 2 commits into from
Sep 25, 2023
Merged

MM-54366 Check guest access to other members #4871

merged 2 commits into from
Sep 25, 2023

Conversation

sbishel
Copy link
Collaborator

@sbishel sbishel commented Sep 13, 2023

Summary

Guests should only have access to other members if they are both members of the same channel or board. This PR enforces that on the '/user' post endpoint. Also required fixing queries.

Ticket Link

Fixes https://mattermost.atlassian.net/browse/MM-54366

@sbishel sbishel added 2: Dev Review Requires review by a core committer 3: Security Review Review requested from Security Team CherryPick/Approved Meant for the quality or patch release tracked in the milestone labels Sep 13, 2023
@sbishel sbishel added this to the v7.11 milestone Sep 13, 2023
@sbishel sbishel requested a review from esarafianou September 15, 2023 20:09
mgdelacroix
mgdelacroix approved these changes Sep 18, 2023
View reviewed changes
Copy link
Contributor

@mgdelacroix mgdelacroix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

esarafianou
esarafianou approved these changes Sep 19, 2023
View reviewed changes
Copy link

@esarafianou esarafianou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@amyblais amyblais removed the 3: Security Review Review requested from Security Team label Sep 22, 2023
@sbishel sbishel merged commit 134422d into mattermost-community:main Sep 25, 2023
@mattermost-build
Copy link
Contributor

Cherry pick is scheduled.

mattermost-build pushed a commit to mattermost-build/focalboard that referenced this pull request Sep 25, 2023
@sbishel @mattermost-build
MM-54366 Check guest access to other members (mattermost-community#4871)
3e9a3a0 
* check guest access to other members

* lint fix

(cherry picked from commit 134422d)
@mattermost-build mattermost-build mentioned this pull request Sep 25, 2023
Merged
@mattermost-build mattermost-build added CherryPick/Done Successfully cherry-picked to the quality or patch release tracked in the milestone and removed CherryPick/Approved Meant for the quality or patch release tracked in the milestone labels Sep 25, 2023
@sbishel
Copy link
Collaborator Author

sbishel commented Sep 25, 2023

/cherry-pick release-7.11

@mattermost-build
Copy link
Contributor

Cherry pick is scheduled.

@mattermost-build
Copy link
Contributor

Error trying doing the automated Cherry picking. Please do this manually

+++ Updating remotes...
Fetching upstream
Failed to add the RSA host key for IP address '140.82.114.4' to the list of known hosts (/app/.ssh/known_hosts).
Fetching origin
Failed to add the RSA host key for IP address '140.82.114.4' to the list of known hosts (/app/.ssh/known_hosts).
+++ Updating remotes done...
+++ Creating local branch automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11-1695651611
Switched to a new branch 'automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11-1695651611'
Branch 'automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11-1695651611' set up to track remote branch 'release-7.11' from 'upstream'.

+++ About to attempt cherry pick of PR #4871 with merge commit 134422df4d6c800312224453129aea8718841ee0.

[automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11-1695651611 25e5a2a8] MM-54366 Check guest access to other members (#4871)
 Author: Scott Bishel <scott.bishel@mattermost.com>
 Date: Mon Sep 25 08:19:53 2023 -0600
 5 files changed, 127 insertions(+), 15 deletions(-)

+++ I'm about to do the following to push to GitHub (and I'm assuming origin is your personal fork):

  git push origin automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11-1695651611:automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11

Failed to add the RSA host key for IP address '140.82.112.3' to the list of known hosts (/app/.ssh/known_hosts).
To github.com:mattermost-build/focalboard.git
 + 3e9a3a05...25e5a2a8 automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11-1695651611 -> automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11 (forced update)

+++ Creating a pull request on GitHub at mattermost-build:automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11
Error creating pull request: Unprocessable Entity (HTTP 422)
A pull request already exists for mattermost-build:automated-cherry-pick-of-focalboard-#4871-upstream-release-7.11.

+++ Returning you to the main branch and cleaning up.

mattermost-build pushed a commit to mattermost-build/focalboard that referenced this pull request Sep 25, 2023
@sbishel @mattermost-build
MM-54366 Check guest access to other members (mattermost-community#4871)
25e5a2a 
* check guest access to other members

* lint fix

(cherry picked from commit 134422d)
sbishel added a commit that referenced this pull request Sep 25, 2023
@mattermost-build @sbishel
MM-54366 Check guest access to other members (#4871) (#4884)
c120e12 
* check guest access to other members

* lint fix

(cherry picked from commit 134422d)

Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
mattermost-build added a commit to mattermost-build/focalboard that referenced this pull request Sep 26, 2023
@mattermost-build
MM-54366 Check guest access to other members (mattermost-community#4871
eaf5973 
…) (mattermost-community#4884)

* check guest access to other members

* lint fix

(cherry picked from commit 134422d)

Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
(cherry picked from commit c120e12)
mattermost-build added a commit to mattermost-build/focalboard that referenced this pull request Sep 26, 2023
@mattermost-build
MM-54366 Check guest access to other members (mattermost-community#4871
267c965 
…) (mattermost-community#4884)

* check guest access to other members

* lint fix

(cherry picked from commit 134422d)

Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
(cherry picked from commit c120e12)
sbishel pushed a commit that referenced this pull request Sep 27, 2023
@mattermost-build
MM-54366 Check guest access to other members (#4871) (#4884) (#4889)
2dab1cd 
* check guest access to other members

* lint fix

(cherry picked from commit 134422d)

Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
(cherry picked from commit c120e12)
sbishel pushed a commit that referenced this pull request Sep 27, 2023
@mattermost-build
MM-54366 Check guest access to other members (#4871) (#4884) (#4888)
8209b6b 
* check guest access to other members

* lint fix

(cherry picked from commit 134422d)

Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
(cherry picked from commit c120e12)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@esarafianou esarafianou esarafianou approved these changes

@mgdelacroix mgdelacroix mgdelacroix approved these changes

@jespino jespino Awaiting requested review from jespino

Assignees
No one assigned
Labels
2: Dev Review Requires review by a core committer CherryPick/Done Successfully cherry-picked to the quality or patch release tracked in the milestone
Projects
None yet
Milestone
v7.11
Development

Successfully merging this pull request may close these issues.
5 participants
@sbishel @mattermost-build @mgdelacroix @esarafianou @amyblais