Security trim search results
At the moment, when a user carries out a search in Coyo, all results are returned, irrespective of whether the user can access any of the documents, communities etc. The user receives an error if they try to access a document etc in the search results, if they do not have access.
The results should be security trimmed. That means that user should only be presented with results that they can access.
Permissions, visibility and other security limitation are applied to all content in the search. If users can find results that they are not supposed to find then this is a serious security issue and a bug. I am currently not aware of an open issue which would cause this to happen, though.
Please contact our service and open a bug ticket with some examples: https://www.service.coyoapp.com
4 commentsComments are closed
Florian Fuchs commented
Are you sure this is the case? If true, this would be a big security issue.
So search, the most important feature, does not work just as all the other parts of Coyo?
Jason Cook commented
Yes please do this
Mark Piatkowski commented