State:Closed|icon_flix|icon_bug|database:public|Resolution:None|BugID:480730|TargetRelease:Flix 6.3.7|
Problem summary
Flix does not check group permissions when logging in through the API
Customer reported version
flix_6.3.5-2
Customer reported platform
Steps to reproduce
1) Create a show and a sequence which an user doesn't have access to
2) Try to log in to that show using the PDF creator script available here: https://github.com/TheFoundryVisionmongers/flix-scripts/tree/master/pdf
3) Try to access the show and sequence created in step #1 with a user who shouldn't have access to that show
Expected behaviour
User shouldn't be able to access the show
Actual behaviour
The user is able to open the show and create PDFs for any sequences
Workaround
Ask users to only use the Flix client.
Reproduced by support
This bug has been reproduced in:
6.3.6-2
We're sorry to hear that
Please tell us why