Project

General

Profile

Actions
Copy link

Defect #1071

closed

On the user's detail, I can see role requests of other users

Added by Marcel Poul about 6 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Kopr
Category:
Roles
Target version:
-
Start date:
04/13/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Garnet (7.7.0), Garnet (7.8.0), Garnet (7.8.1), Garnet (7.8.2), Garnet (7.8.3), Garnet (7.8.4), Garnet (7.8.5)
Owner:

Description

I created a new user. On its detail and the tab Role, there is a section "roles pending approval" which lists WF of OTHER users.

Logged in as admin (superAdminRole)
Affected version 7.7.0

This might be severe security problem. If so, please make a hotfix for both 7 and 8 versions.

Files

karel_simane_detail_roles.png (87.2 KB) karel_simane_detail_roles.png Marcel Poul, 04/13/2018 09:06 AM
Actions
Copy link
 #3

Updated by Marcel Poul about 6 years ago

I checked that the user itself (6565) does not see the WF himself.

Actions
Copy link
 #5

Updated by Radek Tomiška about 6 years ago

  • Assignee changed from Radek Tomiška to Ondřej Kopr
Actions
Copy link
 #6

Updated by Ondřej Kopr about 6 years ago

  • Priority changed from Urgent to Normal

This requests was show only for user with APP_ADMIN (superAdminRole). In version 8.0.0 it was fixed.

Actions
Copy link
 #7

Updated by Radek Tomiška over 3 years ago

  • Tracker changed from Task to Defect
  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Affected versions Garnet (7.7.0), Garnet (7.8.0), Garnet (7.8.1), Garnet (7.8.2), Garnet (7.8.3), Garnet (7.8.4), Garnet (7.8.5) added

Fixed since version 8.0.0 it was fixed.

Actions
Copy link

Also available in: Atom PDF