Meeting creation: permission problem

[Elblinator]

Description:
When creating new meetings, it is possible for all committee admins to access the entire pool of ALL active meetings and use them as a basis for a new meeting. This is incorrect behavior, as it allows access to meeting for which a committee admin previously had no access.

Example image - committee admin have access to all active meetings

Reproduction:

1. create two committees (A and B)
2. create in both committees a meeting which is active
3. create a new user XYZ and add to committee A as committee admin
4. Log in as user XYZ and open committee A
5. create a new meeting. in the "duplicate from" field the meeting from committee B is visible

What should happen?
When creating new meetings by duplication, it should only be possible duplicate from meetings from the same committee or from meeting templates.
Meetings for which the committee admin does not have access authorization, i.e. which are not part of the committee or a template, should not be displayed in the list of possible meetings for duplication.

[ostcar]

I think, this has to be fixed in the backend. The autoupdate does not clone

[ostcar]

If it is only the display, then it has to be fixed in the client. If you want to change a restrictor, I need more information, what field should be restricted. Currently, all meeting names can be seen by everyone.

[MSoeb]

The problem was solved during developement of OS version 4.1.14. The 'Duplicate from..'-field now only shows templates and no other meetings for ALL admins.