'Project Developer' role has rights to delete project group to which he is assign to.

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.2
  • Fix Version/s: 1.2.1
  • Component/s: Security
  • Labels:
    None
  • Complexity:
    Intermediate

Description

Developer should be able to delete projects from the group, but not the group itself.

  1. Text File
    continuum-1919-continuum-security.patch
    07/Oct/08 4:22 AM
    1 kB
    Jevica Arianne B. Zurbano
  2. Text File
    continuum-1919-security.patch
    08/Oct/08 1:03 AM
    1 kB
    Jevica Arianne B. Zurbano

Issue Links

depends upon

Improvement - An improvement or enhancement to an existing feature or task. CONTINUUM-1925 Ability to edit role's permissions

  • Major - Major loss of function.
  • Open - The issue is open and ready for the assignee to start work on it.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jevica Arianne B. Zurbano added a comment -

Attached patch.

  • removed the delete project group right of a Project Developer
Show
Jevica Arianne B. Zurbano added a comment - Attached patch.
  • removed the delete project group right of a Project Developer
Hide
Permalink
Maria Catherine Tan added a comment -

There's a bug with this patch.

As a project group administrator:
I can still delete all project groups. (Ok)

As a project group developer:
I can no longer delete a project group. (OK)

As a project administrator of a certain resource:
I can no longer delete the project group even if I have a project admin role for that group. (BUG)

As a project developer of a certain resource:
I can no longer delete that group. (OK)

Show
Maria Catherine Tan added a comment - There's a bug with this patch. As a project group administrator: I can still delete all project groups. (Ok) As a project group developer: I can no longer delete a project group. (OK) As a project administrator of a certain resource: I can no longer delete the project group even if I have a project admin role for that group. (BUG) As a project developer of a certain resource: I can no longer delete that group. (OK)
Hide
Permalink
Maria Catherine Tan added a comment -

Maybe you could move the "continuum-remove-group" permission under the project-administrator template instead

Show
Maria Catherine Tan added a comment - Maybe you could move the "continuum-remove-group" permission under the project-administrator template instead
Hide
Permalink
Jevica Arianne B. Zurbano added a comment -

continuum-1919-security.patch: "continuum-remove-group" permission moved to Project Administrator template.

Thanks!

Show
Jevica Arianne B. Zurbano added a comment - continuum-1919-security.patch: "continuum-remove-group" permission moved to Project Administrator template. Thanks!
Hide
Permalink
Maria Catherine Tan added a comment -

Fixed in revision 703287. Thanks!

Show
Maria Catherine Tan added a comment - Fixed in revision 703287. Thanks!
Hide
Permalink
Maria Catherine Tan added a comment -

The fix only affects new db.

For existing db, we need a way to edit permissions attached to a role.

Show
Maria Catherine Tan added a comment - The fix only affects new db. For existing db, we need a way to edit permissions attached to a role.

People

  • Assignee:
    Maria Catherine Tan
    Reporter:
    Piotr Krzysztoporski
Vote (8)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved: