|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007454||TestLink||Users and Rights||public||2016-03-01 08:38||2016-09-08 15:13|
|Product Version||1.9.14 (2015 Q3)|
|Fixed in Version||1.9.15 (2015 Q4)|
|Summary||0007454: User rights : A non admin user can grant admin access to itself and/or to others via Roles management.|
|Description||A non admin user can grant access to admin section to itself or to others via Roles management. |
Proposed solution : Admin role could be hidden in "Assign Test Project Roles" and "Assign Test Plan Roles".
Admin role should be global only (in my mind). In bug 0007038, note 0007038:0023014 seems to confirm that dev team shares this vision.
|Steps To Reproduce|
- role assignment is checked for role "leader" for testplan and testproject
- issue tracker management is unchecked for role "leader", checked for admin role
- custom field management is unchecked for role "leader", checked for admin role
as admin :
1) create a new user "user1", profile "no_rights"
2) create a new project "pro1"
3) create a new project "pro2"
4) add user1 as "leader" in project "pro1". user1 still has NO_RIGHTS on pro2.
5) create a new Custom Field, NOT USED by pro1, USED by pro2
as "user1" :
1) go to issue tracker management => user1 can view if configured, but can't edit => as configured by admin
2) custom field section is not displayed => as configured by admin
3) go to "Assign users roles"
4) select "admin" for "user1" in project "pro1"
5) go to issue tracker management => user1 can now edit ITM (even modify ITM that are not used by pro1)
6) custom field section is now displayed. user1 can access this section and MODIFY Custom Field (including CF used by projects where user has no rights, like CF used in pro2)
|Tags||No tags attached.|
|QA Team - Task Workflow Status||READY FOR TESTING|
|Now admin option will be removed from options|
|works fine, but I had to apply workaround from 0007459 to test it|
|1.9.15 Released - 2016-09-08|
|2016-03-01 08:38||Mr.Bricodage||New Issue|
|2016-03-05 08:14||fman||Note Added: 0024566|
|2016-03-05 08:19||fman||QA Team - Task Workflow Status||=> READY FOR TESTING|
|2016-03-05 08:19||fman||Note Added: 0024567|
|2016-03-05 08:19||fman||Status||new => resolved|
|2016-03-05 08:19||fman||Fixed in Version||=> 1.9.15 (2015 Q4)|
|2016-03-05 08:19||fman||Resolution||open => fixed|
|2016-03-05 08:19||fman||Assigned To||=> fman|
|2016-03-05 18:23||Mr.Bricodage||Note Added: 0024571|
|2016-09-08 15:13||fman||Note Added: 0025277|
|2016-09-08 15:13||fman||Status||resolved => closed|
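
The scoping rule proposed in the description (the admin role is global only), sketched as an added example that is not TestLink code: it enforces the rule on the server when a role is assigned, independently of the role dropdown, and resolves cross-project rights from the global role only. The role model, the function names and the right names are assumptions made for illustration.

```python
# Simplified model (assumption): each role is a set of hypothetical right names.
ROLES = {
    "no_rights": set(),
    "leader": {"role_assignment", "testplan_planning"},
    "admin": {"role_assignment", "testplan_planning",
              "issuetracker_management", "cfield_management"},
}
GLOBAL_ONLY_ROLES = {"admin"}  # never assignable per project or test plan
GLOBAL_RIGHTS = {"issuetracker_management", "cfield_management"}  # cross-project

class User:
    def __init__(self, name, global_role):
        self.name = name
        self.global_role = global_role
        self.project_roles = {}  # project name -> role name

def effective_rights_flawed(user, project):
    # Model of the reported behaviour: the project role decides every right,
    # including rights that act across all projects.
    return ROLES[user.project_roles.get(project, user.global_role)]

def effective_rights(user, project):
    # Hardened: cross-project rights come from the global role only.
    project_role = user.project_roles.get(project, user.global_role)
    scoped = ROLES[project_role] - GLOBAL_RIGHTS
    return scoped | (ROLES[user.global_role] & GLOBAL_RIGHTS)

def assign_project_role(actor, target, project, role):
    # Server-side checks; they hold even if a request names a hidden option.
    rights = effective_rights(actor, project)
    if "role_assignment" not in rights:
        raise PermissionError("actor may not assign roles in this project")
    if role in GLOBAL_ONLY_ROLES:
        raise PermissionError(f"role {role!r} is global only")
    if not ROLES[role] <= rights:
        raise PermissionError("actor cannot grant rights it does not hold")
    target.project_roles[project] = role

def reproduce():
    # Constructed data following the report: user1 is "leader" on pro1 only.
    user1 = User("user1", "no_rights")
    user1.project_roles["pro1"] = "leader"
    before = "cfield_management" in effective_rights_flawed(user1, "pro1")
    user1.project_roles["pro1"] = "admin"  # the assignment the report describes
    after = "cfield_management" in effective_rights_flawed(user1, "pro1")
    hardened = "cfield_management" in effective_rights(user1, "pro1")
    return before, after, hardened
```

`reproduce()` returns `(False, True, False)`: the flawed resolution hands out custom field management once the project role is "admin", while the hardened resolution does not.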