Closed
Bug 294604
Opened 19 years ago
Closed 19 years ago
User in editcomponents group can edit products for which he has no accessrights
Categories
(Bugzilla :: Administration, task)
Tracking
()
VERIFIED
DUPLICATE
of bug 271596
People
(Reporter: alexanderkraus, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 If you include a user into 'editcomponents' group, this user can edit products he usually can't access. Example: The user can access product1 and product2 and he can't access prooduct3. If he is in editcomponents he can change all fields of all products! Reproducible: Always Steps to Reproduce: 1. include user into editcomponents 2. user can edit all products and not only this for which he usually has accessrights Expected Results: The User should only able to edit the products he has accessrights for.
Reporter | ||
Updated•19 years ago
|
Version: unspecified → 2.18
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 271596 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•