You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Team administrators are allowed by default to invite other users to their teams. However, they do not see the roles of those who have been invited but haven't accepted the invitation yet.
Apigee Info
We're using OPDK, but this is a bug in the Drupal module, it should be present with Apigee X and Apigee Edge as well.
Steps to Reproduce
Steps to reproduce the behavior:
As a team admin, go to your team's Members tab.
Click on "Invite members".
Enter the email address of an already-existing user who is not a member of this team yet.
Click on "Invite members".
Actual Behavior
The invited user will be listed in the "Pending Invitations", but the Roles column is empty.
Expected Behavior
Those who can invite users should be able to see the Roles of invited-but-not-yet-member users.
Screenshots
As a team admin, but without the site-wide "Administer teams" permission (see Notes below):
As a user having the site-wide "Administer teams" permission:
Notes
With the site-wide "Administer teams" permission, this Roles column is populated. However, this allows the user much more than that, with undesirable side effects (including having admin access to ALL teams, even the ones the user is not a member of). This permission also says Warning: Give to trusted roles only; this permission has security implications. Administer module configure and manage any team and team apps. so it should not be granted to all authenticated users. Currently, there is no team-level permission that allows team admins seeing this info.
Version Info
apigee/apigee-client-php 3.0.5 Client library for connecting to the Apigee Edge API.
drupal/apigee_edge 3.0.6 Apigee for Drupal.
drupal/core 10.1.8 Drupal is an open source content management platform powering millions of websites and applications.
The text was updated successfully, but these errors were encountered:
Description
Team administrators are allowed by default to invite other users to their teams. However, they do not see the roles of those who have been invited but haven't accepted the invitation yet.
Apigee Info
We're using OPDK, but this is a bug in the Drupal module, it should be present with Apigee X and Apigee Edge as well.
Steps to Reproduce
Steps to reproduce the behavior:
Actual Behavior
The invited user will be listed in the "Pending Invitations", but the Roles column is empty.
Expected Behavior
Those who can invite users should be able to see the Roles of invited-but-not-yet-member users.
Screenshots
As a team admin, but without the site-wide "Administer teams" permission (see Notes below):
As a user having the site-wide "Administer teams" permission:
Notes
With the site-wide "Administer teams" permission, this Roles column is populated. However, this allows the user much more than that, with undesirable side effects (including having admin access to ALL teams, even the ones the user is not a member of). This permission also says
Warning: Give to trusted roles only; this permission has security implications. Administer module configure and manage any team and team apps.
so it should not be granted to all authenticated users. Currently, there is no team-level permission that allows team admins seeing this info.Version Info
The text was updated successfully, but these errors were encountered: