Question

Photo of Michael Garrison

0

Checkin Manager security

1

I just discovered quite by accident that the security for the checkinmanager page is set to allow "All Users" to view it. That appears to give access to anyone who knows the address to arbitrarily close rooms and get contact information for checked-in kids.

This is easy enough to fix by going to CMS -> Sites and clicking on the lock but it doesn't seem the best default if I'm correct and I thought you might want to change it in newer versions - maybe add something to the admin checklist to have people set the way they want it, for existing installations...?

Thanks!

  • Photo of Frank Grand

    0

    Michael,

    I see what you mean.  It does look like the security is set up so that all users can view, but only admins are supposed to edit or administrate....this looks like a bug!  If you don't mind, could you enter this as an issue for the core team at https://github.com/SparkDevNetwork/Rock/issues

    If not, I can enter it for you!