Security issue: projects are visible without permissions
envirosolutionspl opened this issue · 4 comments
envirosolutionspl commented
saberraz commented
Is this Mergin Maps CE?
envirosolutionspl commented
@saberraz yes
tomasMizera commented
Can you please check if you are using one of these env variables: GLOBAL_ADMIN, GLOBAL_WRITE or GLOBAL_READ?
https://merginmaps.com/docs/dev/mergince/#data-synchronisation-and-user-management
tomasMizera commented
Hi @envirosolutionspl and @saberraz,
I tested this myself and here are the results:
- GLOBAL_READ env variable is set to true by default, which makes everyone see all projects - just read, no edit
- this might be misleading for people - I will adjust the logic so that by default nobody sees others' projects, unless explicitly shared or set via GLOBAL_X variable.