Closed Bug 285965 Opened 20 years ago Closed 20 years ago

Can turn this bit on for other users - doesn't work

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.18
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jnielsen, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Build Identifier: Internet Explorer 6.0 SP2

When assigning the "User is a member of these groups" but not "Can turn this 
bit on for other users" users are still able to turn the bits on for other 
users.
 
I.e.: If "Editusers: Can edit or disable users" is given to a user, with no 
rights to give it to other users, the user will still be able to do that. The 
user will even be able to add/remove higher priviliges to other accounts and 
themselves.

Reproducible: Always

Steps to Reproduce:
1. Create a user with the "Editusers: Can edit or disable users" flagged, but 
where "Can turn this bit on for other users" is unflagged.
2. Log in as the user and try to change the righs for the user itself and other 
users.
3.

Actual Results:  
The rights for the account(s) are changed respectively

Expected Results:  
The rights shouldn't be changed, instead a message telling that the user is not 
permitted to perform the operation should occur.
Version: unspecified → 2.18
Editusers lets someone edit everythign about every user.
The "can turn this bit on for others" bit enables users who dont have editusers
to do only that.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.