Continuum

Project group admin should not be able to grant system-wide roles to himself

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.2
  • Fix Version/s: 1.2
  • Component/s: Web - Security
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    1

Description

As a project group admin for a single group, I am able to edit my user account and grant any role up to and including system administrator.

A project group admin should be able to grant the roles for his own project group to other users. He should not be able to elevate his own permissions.

Issue Links

depends upon

Bug - A problem which impairs or prevents the functions of the product. REDBACK-160 non-system-administrator or non-user-administrator should not be able to grant administrator roles

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.
relates to

Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-1783 a project administrator is acting like a user administrator

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Wendy Smoak added a comment -

Attaching continuum-user-edit.pdf showing all the options available to a user who currently only has a single project group admin role.

The first page of the user edit form showing the effective roles can be seen attached to CONTINUUM-1865.

Show
Wendy Smoak added a comment - Attaching continuum-user-edit.pdf showing all the options available to a user who currently only has a single project group admin role. The first page of the user edit form showing the effective roles can be seen attached to CONTINUUM-1865 .
Hide
Permalink
Jevica Arianne B. Zurbano added a comment -

Fix in http://jira.codehaus.org/browse/REDBACK-160 will also fix this.

Show
Jevica Arianne B. Zurbano added a comment - Fix in http://jira.codehaus.org/browse/REDBACK-160 will also fix this.
Hide
Permalink
Wendy Smoak added a comment -

We'll need a new release of Redback to fix this.

Show
Wendy Smoak added a comment - We'll need a new release of Redback to fix this.
Hide
Permalink
Olivier Lamy added a comment -

upgrade to redback 1.1.1 done in rev 696596
Thanks for the fast release

Show
Olivier Lamy added a comment - upgrade to redback 1.1.1 done in rev 696596 Thanks for the fast release

People

  • Assignee:
    Olivier Lamy
    Reporter:
    Wendy Smoak
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: