Meeting/Committee menu: Visibility of participants not correctly restricted #4071

Open
MSoeb opened this issue Aug 30, 2024 · 3 comments · May be fixed by #4178

MSoeb commented Aug 30, 2024

Describe the bug
In the committees and meetings menus, the visibility of existing participants is not correctly regulated in the tool tips. Users who are part of a meeting and not admins in it can see the number of participants per meeting or per committee. This is incorrect. In the current status, these users can see the number of participants on orga level, even if they don't have the permission to see the participant list in a meeting. This doesn't make sense. There should be a view limitation.

Additionally, the number of accounts in a committee is visible for these users in the committees listing.

Image 1:
image

Image 2:
image

Image 3:
image

How to Reproduce
Steps to reproduce the behavior:
Requirements: A committee with two meetings. A user as delegate in both meetings. The user also doesn't have the permission to see the participant list in each meeting.

  1. Log in as user A > open the committees menu. The number of accounts per committee is visible. (Image 1 - case 1) > Open the committee detail view. You should now see both meetings with a hint about the user amount in the meeting. (Image 2 - case 2)
  2. Now open the meeting list. Same behavior here: the user can see the amount of participants in the meetings. (Image 3 - case 3)

Expected behavior
Case 1: The number of accounts per committee should only be visible for accounts who are allowed to see it. Only superadmins, organizationadmins, account admins and the committee admins of the committee should see this number.

Case 2: Accounts without the permission to see users in a meeting should not see the participant amount. However, this does not apply to admin accounts at organization level. Who can see this number: superadmins, orgaadmins, committee admins of the meeting, the meeting admin and users in the meeting with the group permission 'can see participants'.

Case 3: The number of accounts per meeting should only be visible for accounts who are allowed to see it. Who can see this number: superadmins, orgaadmins, committee admins of the meeting, the meeting admin and users in the meeting with the group permission 'can see participants'.

@MSoeb MSoeb added the bug label Aug 30, 2024
@MSoeb MSoeb added this to the 4.2 milestone Aug 30, 2024
Member

reiterl commented Sep 17, 2024

Chatted with @MSoeb; he doesn't have time to chat, and I think the description needs to be improved.

Author

MSoeb commented Sep 17, 2024

Note: I have adjusted the description.

Member

reiterl commented Sep 17, 2024

  1. In committee-list, the number of accounts per committee should only be visible for min account admins or committee managers of that committee.
  2. In committee-detail, the number of participants per meeting should only be visible for min orga admins or committee managers of the committee of that meeting, or users in that meeting with the permission 'can see participants'.
  3. In meeting-list, the number of accounts should only be visible for min orga admins or committee managers of the committee of that meeting, or users in that meeting with the permission 'can see participants'.

@reiterl reiterl self-assigned this Sep 25, 2024
@reiterl reiterl linked a pull request Sep 25, 2024 that will close this issue
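
The visibility rules from the expected behavior and the summary comment above, sketched as a server-side check. This is an added example, not the project's own code or part of the original issue; every class, field and function name in it is hypothetical, and the ordering of organization-level roles is an assumption.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class OrgaLevel(IntEnum):
    # Assumed ordering of organization-level roles, lowest to highest.
    NONE = 0
    ACCOUNT_ADMIN = 1
    ORGA_ADMIN = 2
    SUPERADMIN = 3


@dataclass
class User:
    id: int
    orga_level: OrgaLevel = OrgaLevel.NONE
    managed_committees: set = field(default_factory=set)


@dataclass
class Meeting:
    id: int
    committee_id: int
    participant_ids: set
    admin_ids: set = field(default_factory=set)
    can_see_participants_ids: set = field(default_factory=set)


def may_see_committee_count(user, committee_id):
    # Case 1: at least account admin, or manager of this committee.
    return (user.orga_level >= OrgaLevel.ACCOUNT_ADMIN
            or committee_id in user.managed_committees)


def may_see_meeting_count(user, meeting):
    # Cases 2 and 3: at least orga admin, manager of the meeting's committee,
    # meeting admin, or holder of 'can see participants' in that meeting.
    return (user.orga_level >= OrgaLevel.ORGA_ADMIN
            or meeting.committee_id in user.managed_committees
            or user.id in meeting.admin_ids
            or user.id in meeting.can_see_participants_ids)


def meeting_list_entry(user, meeting):
    # Build the entry server-side: the count is omitted, not just hidden in the UI.
    entry = {"id": meeting.id, "committee_id": meeting.committee_id}
    if may_see_meeting_count(user, meeting):
        entry["participant_count"] = len(meeting.participant_ids)
    return entry
```

Being a participant of the meeting grants nothing by itself here, which is the delegate scenario from the reproduction steps.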