Yeah, to really test it you should use another browser where you are not logged in. Otherwise you might use your Cookie session id implicitly.

Thanks
Seb

2016-07-25 14:43 GMT+12:00 Maxim Solodovnik <solomax...@gmail.com>:

> Hello Andre,
>
> actually permissions are being checked [1]
> I'll double-check this today (I hope I'll have enough time)
>
> [1]
> https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/util/RecordingResourceReference.java#L86
>
> On Sat, Jul 23, 2016 at 8:02 AM, Andre Wruszczak <wruszc...@web.de> wrote:
>
>> Dear Openmeetings-Dev-Team,
>>
>> I have yet another question.
>>
>> Is it possible to force userid validation for recordings?
>> Maybe because my browser is storing my sessionID, but when I switch
>> users, all of them can see the recordings of other people if they try the
>> url :
>> http://localhost:5080/openmeetings/recordings/mp4/47
>> ->Anyone logged in can get access to all recordings if they are tenacious
>> enough to try all the numbers.
>>
>> Maybe I have made a mistake while setting up OM? (Current Version 3.1.1)
>>
>> With lots of regards,
>>
>> Andre
>>
>
> --
> WBR
> Maxim aka solomax
>

--
Sebastian Wagner
https://twitter.com/#!/dead_lock
seba.wag...@gmail.com
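
The test suggested in this thread, sketched as an added example that is not part of the original messages and not OpenMeetings code: a tiny in-process handler for the recording URL decides access only from the session cookie, and the same URL is then requested from three separate "browsers". The `JSESSIONID` cookie name, the session table, and the owner-only rule are assumptions for illustration, not the project's actual permission logic.

```python
# Added illustration; names, ids and the session table are constructed.
from http.cookies import SimpleCookie

SESSIONS = {"sid-alice": 1, "sid-bob": 2}   # session cookie value -> user id
RECORDING_OWNER = {47: 1}                   # recording id -> owning user id

def app(environ, start_response):
    """Minimal WSGI handler for /recordings/mp4/<id> with an ownership check."""
    def reply(status, body=b""):
        start_response(status, [("Content-Type", "text/plain")])
        return [body]
    prefix = "/recordings/mp4/"
    path = environ.get("PATH_INFO", "")
    if not path.startswith(prefix) or not path[len(prefix):].isdecimal():
        return reply("404 Not Found")
    rec_id = int(path[len(prefix):])
    # Identity comes only from the session cookie the browser sends, so a
    # browser that still holds the owner's cookie is still the owner.
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["JSESSIONID"].value if "JSESSIONID" in cookie else None
    user_id = SESSIONS.get(sid)
    if user_id is None:
        return reply("401 Unauthorized")
    # Same answer for "missing" and "not yours" so ids cannot be probed.
    if RECORDING_OWNER.get(rec_id) != user_id:
        return reply("404 Not Found")
    return reply("200 OK", b"<mp4 bytes>")

def fetch(path, sid=None):
    """Call the app in-process, like one browser with its own cookie jar."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if sid is not None:
        environ["HTTP_COOKIE"] = "JSESSIONID=" + sid
    seen = {}
    def start_response(status, headers):
        seen["status"] = int(status.split()[0])
    app(environ, start_response)
    return seen["status"]

def run_checks(url="/recordings/mp4/47"):
    """Request one recording as its owner, as another user, and logged out."""
    return {
        "owner browser": fetch(url, "sid-alice"),
        "second browser, other user": fetch(url, "sid-bob"),
        "second browser, logged out": fetch(url),
    }

if __name__ == "__main__":
    for who, status in run_checks().items():
        print(f"{who}: {status}")
```
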