mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-07 20:03:33 -05:00
We shouldn’t have a page where someone can look up any other user’s email address based on their user ID. We also don’t want a page where a malicious user could send someone a link which would get them invited to the service. Restricting the invite to be populated just from users in their own organisation doesn’t mitigate against this stuff completely, but they probably have a way of finding out the email address of someone in their organisation already.
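The restriction described in the commit message, sketched as an added example (not code from this repository): the invite form is prepopulated from a user ID only when that user belongs to the inviter's own organisation. The `User` model, `USERS` records and function names are hypothetical, and failing identically for unknown IDs and for users outside the organisation is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    id: str
    email: str
    organisation_id: Optional[str]  # None: not a member of any organisation


class PrefillDenied(Exception):
    """Raised for every refusal, so callers can return one identical response."""


# Constructed sample records, not real accounts.
USERS = {
    "u-1": User("u-1", "inviter@agency-a.example", "org-a"),
    "u-2": User("u-2", "colleague@agency-a.example", "org-a"),
    "u-3": User("u-3", "outsider@agency-b.example", "org-b"),
    "u-4": User("u-4", "freelancer@nowhere.example", None),
    "u-5": User("u-5", "solo@nowhere.example", None),
}


def email_for_invite_prefill(inviter_id: str, requested_id: str, users=USERS) -> str:
    """Return the email to prepopulate in the invite form, or raise PrefillDenied."""
    inviter = users.get(inviter_id)
    target = users.get(requested_id)
    # Unknown ID and wrong organisation fail the same way, so the response
    # does not reveal whether a given user ID exists.
    if inviter is None or target is None:
        raise PrefillDenied()
    # Two users without an organisation must not match each other (None == None).
    if inviter.organisation_id is None:
        raise PrefillDenied()
    if target.organisation_id != inviter.organisation_id:
        raise PrefillDenied()
    return target.email


def prefill_or_none(inviter_id: str, requested_id: str) -> Optional[str]:
    """View-level helper: an empty form on refusal, never a distinguishing error."""
    try:
        return email_for_invite_prefill(inviter_id, requested_id)
    except PrefillDenied:
        return None
```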