Defect #1071
On the user's detail, I can see role requests of other users
Status: Closed
Priority: Normal
Assignee: Ondřej Kopr
Category: Roles
Target version: -
Start date: 04/13/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Owner:
Description
I created a new user. On its detail and the tab Role, there is a section "roles pending approval" which lists WF of OTHER users.
Logged in as admin (superAdminRole)
Affected version 7.7.0
This might be a severe security problem. If so, please make a hotfix for both 7 and 8 versions.
Updated by Marcel Poul about 6 years ago
I checked that the user itself (6565) does not see the WF himself.
Updated by Radek Tomiška about 6 years ago
- Assignee changed from Radek Tomiška to Ondřej Kopr
Updated by Ondřej Kopr about 6 years ago
- Priority changed from Urgent to Normal
These requests were shown only for a user with APP_ADMIN (superAdminRole). In version 8.0.0 it was fixed.
Updated by Radek Tomiška over 3 years ago
- Tracker changed from Task to Defect
- Status changed from New to Closed
- % Done changed from 0 to 100
- Affected versions Garnet (7.7.0), Garnet (7.8.0), Garnet (7.8.1), Garnet (7.8.2), Garnet (7.8.3), Garnet (7.8.4), Garnet (7.8.5) added
Fixed since version 8.0.0.