Cannot restrict privileges of ex-administrator

VERIFIED WORKSFORME

Status

()

Bugzilla
Administration
VERIFIED WORKSFORME
14 years ago
5 years ago

People

(Reporter: Pavel Rybnicek, Assigned: justdave)

Tracking

Details

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: 

Hello,
I installed Bugzilla and established myself administrator. Now I created new 
account, set this new user as administrator and tried to restrict my 
privileges. It is not possible.

Reproducible: Always
Steps to Reproduce:
1. install Bugzilla
2. create new user
3. set this new user as administrator
4. restrict privileges of original administrator

Actual Results:  
Message
Cannot change permissions of superuser.

Expected Results:  
The permissions should be changed

I have Bugzilla version 16.5

I think the error is in editusers.cgi at line 771:

 if($groupsetold eq $::superusergroupset) ...

There should be a check that user ís not administrator, not the check the user 
has full permissions.

Comment 1

14 years ago
This is part of the design of 2.16 and is no longer true in 2.17/2.18

In any case, it will not be changed in the 2.16 branch.  You can create and
retire administrators manually in 2.16 by using the mysql command-line to change
the groupset.

Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WORKSFORME
It is impractical to adequately test for this condition within the methods used
in 2.16.x to detect an administrator.  Your best bet in 2.16 is to run some SQL
from the mysql command line client...

UPDATE profiles SET groupset=0 WHERE login_name='oldadmin';

You *can* remove admin privs from other admins in 2.17.1 and newer.
(Reporter)

Comment 3

14 years ago
OK, thanks.
Status: RESOLVED → VERIFIED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.