Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private teams: On the bookings page, you can see ALL team members even if private (under the filtering tab) #18849

Open
ASTRAAdvertising opened this issue Jan 23, 2025 · 3 comments
Open

Private teams: On the bookings page, you can see ALL team members even if private (under the filtering tab) #18849

ASTRAAdvertising opened this issue Jan 23, 2025 · 3 comments
Labels
bookings area: bookings, availability, timezones, double booking 🐛 bug Something isn't working teams area: teams, round robin, collective, managed event-types

Comments

@ASTRAAdvertising
Copy link

Found a bug? Please fill out the sections below. 👍

Issue Summary

A summary of the issue. This needs to be a clear detailed-rich summary.

Steps to Reproduce

  1. Have a team on cal.com
  2. Go to bookings
  3. Click filter
  4. Click people
  5. You can see all team members even if it is a private team...
Image

Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?

ONLY ADMINS should have this ability.

Actual Results

  • You can see all team members, even if you are hiding users from eachother within the team. itll hide call information, but still showing the person under the filter options.

Expected Results

  • Shouldn't be able to SEE other team members under this filter UNLESS YOU ARE AN ADMIN FOR THE TEAM.
  • Right now it blocks any booked call info - but you can still see team members?
@ASTRAAdvertising ASTRAAdvertising added the 🐛 bug Something isn't working label Jan 23, 2025
@dosubot dosubot bot added bookings area: bookings, availability, timezones, double booking teams area: teams, round robin, collective, managed event-types labels Jan 23, 2025
@ASTRAAdvertising
Copy link
Author

Any update here

@ASTRAAdvertising
Copy link
Author

Seems like a big security/privacy problem

@ASTRAAdvertising
Copy link
Author

Any update here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bookings area: bookings, availability, timezones, double booking 🐛 bug Something isn't working teams area: teams, round robin, collective, managed event-types
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ASTRAAdvertising