Closed Bug 285965 Opened 21 years ago Closed 21 years ago

Can turn this bit on for other users - doesn't work

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.18
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jnielsen, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Build Identifier: Internet Explorer 6.0 SP2 When assigning the "User is a member of these groups" but not "Can turn this bit on for other users" users are still able to turn the bits on for other users. I.e.: If "Editusers: Can edit or disable users" is given to a user, with no rights to give it to other users, the user will still be able to do that. The user will even be able to add/remove higher priviliges to other accounts and themselves. Reproducible: Always Steps to Reproduce: 1. Create a user with the "Editusers: Can edit or disable users" flagged, but where "Can turn this bit on for other users" is unflagged. 2. Log in as the user and try to change the righs for the user itself and other users. 3. Actual Results: The rights for the account(s) are changed respectively Expected Results: The rights shouldn't be changed, instead a message telling that the user is not permitted to perform the operation should occur.
Version: unspecified → 2.18
Editusers lets someone edit everythign about every user. The "can turn this bit on for others" bit enables users who dont have editusers to do only that.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.