Closed Bug 294604 Opened 19 years ago Closed 19 years ago

User in editcomponents group can edit products for which he has no accessrights

Categories

(Bugzilla :: Administration, task)

Product:
Bugzilla
Component:
Administration
Version:
2.18
Platform:
x86
Windows 2000
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 271596

People

(Reporter: alexanderkraus, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

If you include a user into 'editcomponents' group, this user can edit products
he usually can't access.
Example:
The user can access product1 and product2 and he can't access prooduct3.
If he is in editcomponents he can change all fields of all products!

Reproducible: Always

Steps to Reproduce:
1. include user into editcomponents
2. user can edit all products and not only this for which he usually has
accessrights



Expected Results:  
The User should only able to edit the products he has accessrights for.
Version: unspecified → 2.18

*** This bug has been marked as a duplicate of 271596 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.