BUG: Space admin doesn't have read privileges to private subsubspace of private space #4860

Open
Comoque1 opened this issue Jan 23, 2025 · 0 comments
Labels
Atlas Team Issues and Epics worked on by team Atlas bug Something isn't working Product Discussion server

Comments

@Comoque1
Member

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Using the server-api tests, run the following command: npm run test:roleset ./src/functional-api/roleset/user/user.authorization.it-spec.ts, BUT first comment out:
// afterAll(async () => {
//   await TestScenarioFactory.cleanUpBaseScenario(baseScenario);
// });

so that the data is not removed
2. Perform the following query with the Space admin:

{
  space(ID: "8d70fcd2-d108-4799-969a-42701fc5c339") {
    settings {
      ...SpaceSettings
    }
    community {
      roleSet {
        roleNames
        usersInRoles(roles: ADMIN) {
          users {
            email
          }
        }
        authorization {
          myPrivileges
        }
      }
    }
    subspaces {
      settings {
        ...SpaceSettings
      }
      community {
        roleSet {
          usersInRoles(roles: ADMIN) {
            users {
              email
            }
          }
          authorization {
            myPrivileges
          }
        }
      }
      subspaces {
        id
        community {
          roleSet {
            roleNames
            usersInRoles(roles: ADMIN) {
              users {
                email
              }
            }
            authorization {
              myPrivileges
            }
          }
        }
        settings {
          ...SpaceSettings
        }
        authorization {
          myPrivileges
        }
      }
    }
  }
}

fragment SpaceSettings on SpaceSettings {
  collaboration {
    allowEventsFromSubspaces
    allowMembersToCreateCallouts
    allowMembersToCreateSubspaces
    inheritMembershipRights
  }
  membership {
    allowSubspaceAdminsToInviteMembers
    policy
    trustedOrganizations
  }
  privacy {
    allowPlatformSupportAsAdmin
    mode
  }
}
  3. Error is thrown: "message": "User ([email protected]) does not have credentials that grant 'read-about' access to Space.community with id 'ad179f20-a54f-4a3e-a651-17fcf8d2e948' with authorization: 35d35139-c0d2-49cd-b99e-a92d1465b8a1",
    The space admin doesn't have rights to read the community of the private subsubspace
    The space member has rights to read the community of the private subsubspace


Expected behavior
The space admin has rights to read the community of the private subsubspace
The space member doesn't have rights to read the community of the private subsubspace

Additional context
The issue is unlikely to be reproduced, as we don't expose subsubspace privacy settings on the client

@Comoque1 Comoque1 added Atlas Team Issues and Epics worked on by team Atlas bug Something isn't working server labels Jan 23, 2025
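The expected behavior above can be turned into a regression check over two responses to the reproduction query, one fetched as the space admin and one as the space member. This is an added example, not code from the issue or the project; it assumes that `settings.privacy.mode` reads `PRIVATE` for a private space, that a community the caller may not read comes back as `null`, and that both responses list subspaces in the same order. `flatten`, `findViolations` and the sample responses are hypothetical names and constructed data.

```javascript
// Assumed value of settings.privacy.mode for a private space (not shown on the page).
const PRIVATE = "PRIVATE";

// Flatten space -> subspaces -> subspaces into [{ path, level, node }].
// Paths are index-based, so both responses must list subspaces in the same order.
function flatten(space) {
  const out = [];
  const walk = (node, path, level) => {
    out.push({ path, level, node });
    (node.subspaces || []).forEach((s, i) => walk(s, `${path}/${i}`, level + 1));
  };
  walk(space, "space", 0);
  return out;
}

const modeOf = (n) => n && n.settings && n.settings.privacy && n.settings.privacy.mode;

// A community the caller may not read is assumed to come back as null in `data`.
function findViolations(adminData, memberData) {
  const member = new Map(flatten(memberData.space).map((e) => [e.path, e.node]));
  const violations = [];
  for (const { path, level, node } of flatten(adminData.space)) {
    const m = member.get(path);
    // Only private sub-subspaces (level 2) are covered by the expected behavior.
    if (level !== 2 || (modeOf(node) || modeOf(m)) !== PRIVATE) continue;
    if (node.community == null) violations.push(`${path}: admin cannot read community`);
    if (m && m.community != null) violations.push(`${path}: member can read community`);
  }
  return violations;
}

// Constructed responses (not captured from a real server), trimmed to the fields used.
const roleSet = { roleSet: { authorization: { myPrivileges: ["constructed-privilege"] } } };
const response = (subsubCommunity) => ({
  space: {
    settings: { privacy: { mode: PRIVATE } }, community: roleSet,
    subspaces: [{
      settings: { privacy: { mode: PRIVATE } }, community: roleSet,
      subspaces: [{ id: "constructed-id", settings: { privacy: { mode: PRIVATE } },
                    community: subsubCommunity }],
    }],
  },
});

const reported = findViolations(response(null), response(roleSet)); // state in this issue
const expected = findViolations(response(roleSet), response(null)); // expected behavior
console.log(reported, expected);
```

The reported state yields two violations for the sub-subspace, and the expected state yields none.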