Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Incomplete
-
2.4.0
-
None
Description
The History Server shows all the applications to all the users, even though they have no permission to read them. They cannot read the details of the applications they cannot access, but still anybody can list all the applications submitted by all users.
For instance, if we have an admin user admin and two normal users u1 and u2, and each of them submitted one application, all of them can see in the main page of SHS:
App ID | App Name | ... | Spark User | ... |
---|---|---|---|---|
app-123456789 | The Admin App | .. | admin | ... |
app-123456790 | u1 secret app | .. | u1 | ... |
app-123456791 | u2 secret app | .. | u2 | ... |
Then clicking on each application, the proper permissions are applied and each user can see only the applications he has the read permission for.
Instead, each user should see only the applications he has the permission to read and he/she should not be able to see applications he has not the permissions for.