web2project: web-based project management

ID: 0000339
Category: [v2.1 Release (Under Development)] Permissions
Severity: major
Reproducibility: always
Date Submitted: 2009-12-20 23:00
Last Update: 2010-06-28 17:47
Reporter: KrzysztofKamil
View Status: public
Assigned To:
Priority: immediate
Resolution: open
Status: acknowledged
Summary: 0000339: User with "add/edit user" permissions can get control over system.
Description: Describe bug for your know how you want.
http://forums.web2project.net/viewtopic.php?p=3749#3749
Additional Information:
Tags: No tags attached.
Attached Files:

- Relationships

-  Notes
(0000975)
caseydk (administrator)
2010-06-06 13:01

In r1156, I wrapped the Roles list to make sure only Admins can create other Admins.

In r1168, I wrapped the Permissions list to make sure only Admins can add Admin permissions.


While this wraps the immediate concern, there are some more things that need to be resolved with this one. For example, someone who has User Admin access but is limited in what companies they can see can grant themselves access to any/all companies.
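
Added example, not part of caseydk's note and not web2project code: a server-side check in PHP for the rule the note describes, where a non-admin user editor can only grant roles and company access they already hold, which also covers the self-grant case. All function names, role names and the user array layout are hypothetical, and the sample data is constructed.

```php
<?php
// Added illustration: all names and the user layout are hypothetical, not web2project's.
// A user is ['roles' => string[], 'companies' => int[]].

// Part of $requested that $actor may delegate: admins anything, everyone
// else only roles and company scopes they hold themselves.
function grantableSubset(array $actor, array $requested): array
{
    if (in_array('admin', $actor['roles'], true)) {
        return $requested;
    }
    return [
        'roles'     => array_values(array_intersect($requested['roles'], $actor['roles'])),
        'companies' => array_values(array_intersect($requested['companies'], $actor['companies'])),
    ];
}

// Enforced when the change is saved, not only when the form lists are built.
function applyGrant(array $actor, array $target, array $requested): array
{
    if (!array_intersect(['admin', 'user_admin'], $actor['roles'])) {
        throw new DomainException('actor may not edit users');
    }
    $allowed = grantableSubset($actor, $requested);
    foreach (['roles', 'companies'] as $key) {
        if (array_diff($requested[$key], $allowed[$key])) {
            throw new DomainException("grant exceeds actor privileges: $key");
        }
        $target[$key] = array_values(array_unique(array_merge($target[$key], $allowed[$key])));
    }
    return $target;
}

// Constructed sample: a user admin limited to company 3.
$limited = ['roles' => ['user_admin', 'worker'], 'companies' => [3]];
$cases = [
    'self: admin role'    => ['roles' => ['admin'], 'companies' => []],
    'self: company 7'     => ['roles' => [], 'companies' => [7]],
    'worker on company 3' => ['roles' => ['worker'], 'companies' => [3]],
];
foreach ($cases as $label => $request) {
    try {
        applyGrant($limited, $limited, $request);
        echo "$label: allowed\n";
    } catch (DomainException $e) {
        echo "$label: rejected, ", $e->getMessage(), "\n";
    }
}
```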

- Issue History
Date Modified Username Field Change
2009-12-20 23:00 KrzysztofKamil New Issue
2009-12-23 23:45 caseydk Status new => assigned
2009-12-23 23:45 caseydk Assigned To => caseydk
2009-12-23 23:47 caseydk Project Pending Requests => v1.3 Release
2009-12-23 23:48 caseydk Priority normal => immediate
2010-03-31 19:50 caseydk Project v1.3 Release => v2.0 Release (Current)
2010-06-06 13:01 caseydk Note Added: 0000975
2010-06-06 13:01 caseydk Assigned To caseydk =>
2010-06-06 13:01 caseydk Status assigned => acknowledged
2010-06-06 13:01 caseydk Project v2.0 Release (Current) => Pending Requests
2010-06-28 17:47 caseydk Project Pending Requests => v2.1 Release (Under Development)

