ID: 0951
Title: table servicegroups: fixed service visibility when using group_authorization
AUTH_STRICT
Component: Livestatus
Level: 1
Class: Bug Fix
Version: 1.2.5i5
This only applies with the setting group_authorization = AUTH_STRICT
When an auth user was given the livestatus table servicegroups did not check if the auth
user had permissions to all objects of the servicegroup.
As a result the user was able to view servicegroups, even if he was not a contact for
every object in it.
However, the "forbidden" object itself was not returned, just a subset of the
group.
This was incorrect. The user needs to be contact of every element in this group.
Otherwise he should not see the group at all..