Closed
Bug 837968
Opened 11 years ago
Closed 11 years ago
Allow updating of user's groups via RPC
Categories
(Bugzilla :: WebService, enhancement)
Tracking
()
RESOLVED
DUPLICATE
of bug 469196
People
(Reporter: mail, Assigned: mail)
Details
Attachments
(1 file)
5.48 KB,
patch
|
Details | Diff | Splinter Review |
Allows updates to a user's group privilege via RPC
Assignee | ||
Comment 1•11 years ago
|
||
Attachment #709986 -
Flags: review?(glob)
Comment 2•11 years ago
|
||
Where are ACLs handled to ensure the user submitting this request has access to modify that user's groups (and has bless privs for the groups in question)?
Assignee | ||
Comment 3•11 years ago
|
||
(In reply to Reed Loden [:reed] from comment #2) > Where are ACLs handled to ensure the user submitting this request has access > to modify that user's groups (and has bless privs for the groups in > question)? Bugzilla/WebService/User.pm, sub update 252 # Reject access if there is no sense in continuing. 253 $user->in_group('editusers') 254 || ThrowUserError("auth_failure", {group => "editusers", 255 action => "edit", 256 object => "users"}); Since being in editusers group trumps individual bless group rights, there was no point in checking bless rights for a particular group. -- simon
That's not a good idea to write the SQL queries on WebServices interface. Also, there is already such bug: bug 469196 which depends on bug 442013.
Assignee | ||
Updated•11 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•11 years ago
|
Attachment #709986 -
Flags: review?(glob)
You need to log in
before you can comment on or make changes to this bug.
Description
•