Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roles column of "Pending Invitations" view is empty for most users #1047

Open
boobaa opened this issue Mar 19, 2024 · 1 comment
Open

Roles column of "Pending Invitations" view is empty for most users #1047

boobaa opened this issue Mar 19, 2024 · 1 comment
Assignees
Labels
bug Something isn't working

Comments

@boobaa
Copy link
Contributor

boobaa commented Mar 19, 2024

Description

Team administrators are allowed by default to invite other users to their teams. However, they do not see the roles of those who have been invited but haven't accepted the invitation yet.

Apigee Info

We're using OPDK, but this is a bug in the Drupal module, it should be present with Apigee X and Apigee Edge as well.

Steps to Reproduce

Steps to reproduce the behavior:

  1. As a team admin, go to your team's Members tab.
  2. Click on "Invite members".
  3. Enter the email address of an already-existing user who is not a member of this team yet.
  4. Click on "Invite members".

Actual Behavior

The invited user will be listed in the "Pending Invitations", but the Roles column is empty.

Expected Behavior

Those who can invite users should be able to see the Roles of invited-but-not-yet-member users.

Screenshots

As a team admin, but without the site-wide "Administer teams" permission (see Notes below):
image

As a user having the site-wide "Administer teams" permission:
image

Notes

With the site-wide "Administer teams" permission, this Roles column is populated. However, this allows the user much more than that, with undesirable side effects (including having admin access to ALL teams, even the ones the user is not a member of). This permission also says Warning: Give to trusted roles only; this permission has security implications. Administer module configure and manage any team and team apps. so it should not be granted to all authenticated users. Currently, there is no team-level permission that allows team admins seeing this info.

Version Info

apigee/apigee-client-php                       3.0.5     Client library for connecting to the Apigee Edge API.
drupal/apigee_edge                             3.0.6     Apigee for Drupal.
drupal/core                                    10.1.8    Drupal is an open source content management platform powering millions of websites and applications.
@boobaa boobaa added the bug Something isn't working label Mar 19, 2024
@kedarkhaire
Copy link
Collaborator

Hi @boobaa
Thanks for describing the issue, we will look into it.

@kedarkhaire kedarkhaire self-assigned this Aug 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants