You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have updated to the latest available Home Assistant version.
I have cleared the cache of my browser.
I have tried a different browser to see if it is related to my browser.
I have tried reproducing the issue in safe mode to rule out problems with unsupported custom resources.
Describe the issue you are experiencing
I have set a user, lets call it MyNonAdmin user, with visibility rights only to 2 of 4 Views and only 1 of 2 dashboards.
Lovelace Dashboard (default) with views /Lovelace/0 and /Lovelace/1
Other Dashboard with views /Other/0, /Other/1, /Other/2, /Other/3
MyNonAdmin user is set to have visibility rights ONLY to views /Other/2 and /Other/3.
This works ok if only mouse is used to browse the interface, like NONE of Lovelace views is visible, only Lovelace Overview tab in side bar and only /Other/2, /Other/3 views tabs.
BUT, when I log with MyNonAdmin user in Chrome Incognito, if I manually change url from /Other/2, /Other/3 which are allowed to /Other/0, /Other/1 from same dashboard, with should not be allowed to view, I can see the content of those tabs, 0 and 1.
Further more, if change the url to /Lovelace/0 or /Lovelace/1, I can see also those views and their content, same as Admin user would see it.
Describe the behavior you expected
Visibility rights should not allow a user to view pages not assigned to it, no matter how it reaches those urls.
Steps to reproduce the issue
Create a new dashboard and add 2 or more views
Create a new non-admin user
Set visibility for new user to only 1 of the new dashboard views, let's say /mydashboad/0 only
Login with this user
Manually change the url from /mydashboad/0 to /mydashboad/1 or /lovelace/0, /lovelace/1
You should not be able to see the content of those views not set for visibility
What version of Home Assistant Core has the issue?
2024.4.3
What was the last working version of Home Assistant Core?
No response
In which browser are you experiencing the issue with?
Google Chrome 124.0.6367.92 (Official Build) (64-bit)
Which operating system are you using to run this browser?
Windows 10 Home (64-bit)
State of relevant entities
No response
Problem-relevant frontend configuration
No response
Javascript errors shown in your browser console/inspector
No response
Additional information
No response
The text was updated successfully, but these errors were encountered:
Checklist
Describe the issue you are experiencing
I have set a user, lets call it MyNonAdmin user, with visibility rights only to 2 of 4 Views and only 1 of 2 dashboards.
Lovelace Dashboard (default) with views /Lovelace/0 and /Lovelace/1
Other Dashboard with views /Other/0, /Other/1, /Other/2, /Other/3
MyNonAdmin user is set to have visibility rights ONLY to views /Other/2 and /Other/3.
This works ok if only mouse is used to browse the interface, like NONE of Lovelace views is visible, only Lovelace Overview tab in side bar and only /Other/2, /Other/3 views tabs.
BUT, when I log with MyNonAdmin user in Chrome Incognito, if I manually change url from /Other/2, /Other/3 which are allowed to /Other/0, /Other/1 from same dashboard, with should not be allowed to view, I can see the content of those tabs, 0 and 1.
Further more, if change the url to /Lovelace/0 or /Lovelace/1, I can see also those views and their content, same as Admin user would see it.
Describe the behavior you expected
Visibility rights should not allow a user to view pages not assigned to it, no matter how it reaches those urls.
Steps to reproduce the issue
What version of Home Assistant Core has the issue?
2024.4.3
What was the last working version of Home Assistant Core?
No response
In which browser are you experiencing the issue with?
Google Chrome 124.0.6367.92 (Official Build) (64-bit)
Which operating system are you using to run this browser?
Windows 10 Home (64-bit)
State of relevant entities
No response
Problem-relevant frontend configuration
No response
Javascript errors shown in your browser console/inspector
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: