Continuum

project admin cannot assign project roles to users

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.1-beta-3
  • Fix Version/s: 1.2
  • Component/s: Web - Security
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

This may have since been fixed, but we're seeing in 1.1-beta-3 that if a user with project admin rights tries to assign a role in their project to another user, they get an exception about ModelRole not being able to be cast to Role

Issue Links

is related to

Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-1794 project admin can assign another project's roles to users

  • Critical - Crashes, loss of data, severe memory leak.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
SebbASF added a comment -

Sample error message:

HTTP ERROR: 500

org.codehaus.plexus.redback.role.model.ModelRole cannot be cast to
org.codehaus.plexus.redback.rbac.Role

RequestURI=/continuum/security/assignments.action

Show
SebbASF added a comment - Sample error message: HTTP ERROR: 500 org.codehaus.plexus.redback.role.model.ModelRole cannot be cast to org.codehaus.plexus.redback.rbac.Role RequestURI=/continuum/security/assignments.action
Hide
Permalink
Maria Catherine Tan added a comment -

I think this has been fixed already.

Right now the error is gone but a project admin of A can also assign project roles of B to users.

Show
Maria Catherine Tan added a comment - I think this has been fixed already. Right now the error is gone but a project admin of A can also assign project roles of B to users.
Hide
Permalink
Wendy Smoak added a comment -

Marica, can you open a new issue for that? It's a security violation... a project admin of A shouldn't even see the roles for project B.

Show
Wendy Smoak added a comment - Marica, can you open a new issue for that? It's a security violation... a project admin of A shouldn't even see the roles for project B.
Hide
Permalink
Brett Porter added a comment -

was reported as fixed

Show
Brett Porter added a comment - was reported as fixed

People

  • Assignee:
    Brett Porter
    Reporter:
    Brett Porter
Vote (1)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: