projects page on the portal is public anyone can see it #39155

Closed
yahyaoudra opened this issue Dec 11, 2023 · 8 comments · Fixed by #39164

@yahyaoudra

Information about bug

When you visit the ERPNext installation path erpnext.domaine.com/project,
anyone can see the list of projects you have, with images of assignees ...

Module

portal

Version

ERPNext: v15.2.0 (version-15)

Frappe Framework: v15.1.0 (version-15)

Helpdesk: v0.10.0 (main)

Frappe HR: v16.0.0-dev (develop)

Frappe LMS: v1.0.0 (main)

Installation method

manual install

Relevant log output / Stack trace / Full Error Message.

No response

@yahyaoudra yahyaoudra added the bug label Dec 11, 2023
@yahyaoudra
Author

Anyone please

@s-aga-r
Contributor

s-aga-r commented Dec 26, 2023

@yahyaoudra You can set the role or disable it in the Portal Settings.

image

@0xD0M1M0
Contributor

@s-aga-r I have the Role "Customer" set, as shown in your screenshot, and in a new private window without login the projects are showing.

@yahyaoudra
Author

yahyaoudra commented Dec 28, 2023

@s-aga-r I disabled it and still have the same problem.

@s-aga-r s-aga-r transferred this issue from frappe/erpnext Dec 28, 2023
@juanc1479

juanc1479 commented Dec 28, 2023

Same problem here. Under an incognito and unlogged user, I can access the list of projects when they should be private and only accessible when signed in with the correct permissions.

erp.example.com/project

When I click on erp.example.com/newsletters they are inaccessible and I need to log in, which is correct as I set the newsletters to private.

Could you point me to where in the code base I can look to see if I can fix the privacy issue? Thank you.

Installed Apps
ERPNext: v15.8.3 (version-15)
Frappe Framework: v15.7.0 (version-15)
Frappe HR: v15.7.1 (version-15)
Payments: v0.0.1 (version-15)

2023-12-28_10-10-24

@0xD0M1M0
Contributor

0xD0M1M0 commented Jan 4, 2024

The issue is with frappe/erpnext, not with frappe/frappe. I explained the fix in erpnext/#39009.

@s-aga-r
Contributor

s-aga-r commented Jan 5, 2024

@0xD0M1M0 There are two issues: the first one is for permission, and the second is that if a Portal Menu is disabled, it should also not be accessible with a URL.

@s-aga-r
Contributor

s-aga-r commented Jan 5, 2024

Transferring this back to ERPNext; ignore the disabled one for now.

@s-aga-r s-aga-r transferred this issue from frappe/frappe Jan 5, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 25, 2024