You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2008/09/19 16:51:48 UTC
[jira] Created: (CONTINUUM-1889) Project group admin should not be
able to move a project into a group he does not have access to
Project group admin should not be able to move a project into a group he does not have access to
------------------------------------------------------------------------------------------------
Key: CONTINUUM-1889
URL: http://jira.codehaus.org/browse/CONTINUUM-1889
Project: Continuum
Issue Type: Bug
Components: Project Grouping
Affects Versions: 1.2
Reporter: Wendy Smoak
On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Reopened: (CONTINUUM-1889) Project group admin should not be
able to move a project into a group he does not have access to
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Venisse reopened CONTINUUM-1889:
-----------------------------------------
Good question, I'll test it.
> Project group admin should not be able to move a project into a group he does not have access to
> ------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1889
> URL: http://jira.codehaus.org/browse/CONTINUUM-1889
> Project: Continuum
> Issue Type: Bug
> Components: Project Grouping
> Affects Versions: 1.2
> Reporter: Wendy Smoak
> Assignee: Emmanuel Venisse
> Fix For: 1.2.1
>
>
> On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
> The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (CONTINUUM-1889) Project group admin should not be
able to move a project into a group he does not have access to
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Venisse closed CONTINUUM-1889.
---------------------------------------
Resolution: Fixed
Fixed.
Committed in r.699171
> Project group admin should not be able to move a project into a group he does not have access to
> ------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1889
> URL: http://jira.codehaus.org/browse/CONTINUUM-1889
> Project: Continuum
> Issue Type: Bug
> Components: Project Grouping
> Affects Versions: 1.2
> Reporter: Wendy Smoak
> Assignee: Emmanuel Venisse
> Fix For: 1.2.1
>
>
> On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
> The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (CONTINUUM-1889) Project group admin should not be
able to move a project into a group he does not have access to
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Catherine Tan reassigned CONTINUUM-1889:
----------------------------------------------
Assignee: Maria Catherine Tan
> Project group admin should not be able to move a project into a group he does not have access to
> ------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1889
> URL: http://jira.codehaus.org/browse/CONTINUUM-1889
> Project: Continuum
> Issue Type: Bug
> Components: Project Grouping
> Affects Versions: 1.2
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.2.1
>
>
> On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
> The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1889) Project group admin should not
be able to move a project into a group he does not have access to
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=148943#action_148943 ]
Wendy Smoak commented on CONTINUUM-1889:
----------------------------------------
Emmanuel, does this actually prevent the move from taking place, or only the wrong projects from showing in the select list?
That is, could I still do it by constructing a url or form with the right values, and submitting it?
> Project group admin should not be able to move a project into a group he does not have access to
> ------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1889
> URL: http://jira.codehaus.org/browse/CONTINUUM-1889
> Project: Continuum
> Issue Type: Bug
> Components: Project Grouping
> Affects Versions: 1.2
> Reporter: Wendy Smoak
> Assignee: Emmanuel Venisse
> Fix For: 1.2.1
>
>
> On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
> The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (CONTINUUM-1889) Project group admin should not be
able to move a project into a group he does not have access to
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Venisse closed CONTINUUM-1889.
---------------------------------------
Assignee: Emmanuel Venisse (was: Maria Catherine Tan)
Resolution: Fixed
Done.
Fixed in rev.698817
> Project group admin should not be able to move a project into a group he does not have access to
> ------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1889
> URL: http://jira.codehaus.org/browse/CONTINUUM-1889
> Project: Continuum
> Issue Type: Bug
> Components: Project Grouping
> Affects Versions: 1.2
> Reporter: Wendy Smoak
> Assignee: Emmanuel Venisse
> Fix For: 1.2.1
>
>
> On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
> The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CONTINUUM-1889) Project group admin should not be
able to move a project into a group he does not have access to
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Venisse updated CONTINUUM-1889:
----------------------------------------
Fix Version/s: 1.2.1
> Project group admin should not be able to move a project into a group he does not have access to
> ------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1889
> URL: http://jira.codehaus.org/browse/CONTINUUM-1889
> Project: Continuum
> Issue Type: Bug
> Components: Project Grouping
> Affects Versions: 1.2
> Reporter: Wendy Smoak
> Fix For: 1.2.1
>
>
> On the editProjectGroup.action page, a project group admin is allowed to move a project into _any_ other group, even if he does not have admin permissions there.
> The "Move to Group" drop downs should only contain groups for which the current user is an admin, and moves to other groups should be prevented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira