gilbert marx created ZEPPELIN-3096:
--------------------------------------
Summary: a non owner of a note can change notes permissions
Key: ZEPPELIN-3096
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3096
Project: Zeppelin
Issue Type: Bug
Components: security
Affects Versions: 0.7.3
Environment: linux ubuntu 17.10
Reporter: gilbert marx
when i am on a note as a user that is only Reader , i can change the
permissions on this note and it is succsessfully done.
example:
admin is owner and writer on thie note and jdcuser is reader. I am loged as
jdcuser
then i can add jdcuser as owner and writer and when Save this, it is done
successfuly.
the other permissions are ok; jdcuser can't access to interpretter or to change
the mode of the note.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
