Viewing table record details in a table modal show another record details? (Security)
Have this really weird bug that happen only in production
My filament v3 table has many rows and for a particular user, when he press the 'View Details' action on the table row, it shows another record details (sometimes)
This seem to only happen for that particular user and we have been unable to reproduce it anywhere & that is worryingly as it's a potential security risk (or maybe not since it's still a record the person is allowed to see i think, just that the it's a different record displayed). Hence wanted to ask if anybody else faced a similar issue too and if u all manage to find out what might be the reasons
Part of us wonder if it is a diffing bug or something else
1 Reply
I can't see where Filament would do that, unless you've got highly customized queries, or custom components that are introducing vulnerable logic.
Would need to see all your code, especially the places where you've
modifyQueryUsing or other query/join operations, or built custom components or customized any templates, etc.