Reviewed:  https://reviews.mahara.org/6810
Committed: https://git.mahara.org/mahara/mahara/commit/3e6b80bc736b8c0b74dc3cfe315d1ee7d023ee26
Submitter: Robert Lyon (robe...@catalyst.net.nz)
Branch:    15.04_STABLE

commit 3e6b80bc736b8c0b74dc3cfe315d1ee7d023ee26
Author: Aaron Wells <aar...@catalyst.net.nz>
Date:   Wed Aug 3 14:23:08 2016 +1200

Bug 1609200: Limit group config to group's admins

behatnotneeded: Test to come later

Change-Id: Ibbb574c67d80e3fd6a139752590bdd602e822f88
(cherry picked from commit 47905d70a15798ef7cad3ed1b5c63bf530e1ef3c)

https://bugs.launchpad.net/bugs/1609200

Title:
  Non-admin role users can edit group settings

Status in Mahara:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Committed
Status in Mahara 15.10 series:
  Fix Committed
Status in Mahara 16.04 series:
  Fix Committed
Status in Mahara 16.10 series:
  Fix Committed

Bug description:
  Only the admin of a group should be able to change the group's
  settings (via group/edit.php). But any member of a group can view and
  edit the settings if they go to the URL directly:

  * http://my.mahara/group/edit.php?id=3

  There is no check to make sure the user has admin role.

  To replicate:

  1. Create a group as User 1. Note the group's id
  2. Add User 2 to the group as a "member" (not an "admin")
  3. Log in as User 2
  4. Type in e.g. http://my.mahara/group/edit.php?id=X , where X is the group's ID

  Expected result: You get an error message saying "You can't edit this
  group"

  Actual result: You see the group config page, and you can make changes
  and they will be saved.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1609200/+subscriptions
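
The missing check described in the bug, as an added PHP sketch that is not Mahara's code or the committed fix: the same handler before and after a server-side role check, replayed against the roles from the replication steps. The function names, the exception class and the sample roles are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration: all names are hypothetical, none of this is Mahara code.

final class AccessDenied extends RuntimeException {}

function group_role(int $groupId, int $userId): ?string
{
    // Constructed sample data: group id => [user id => role].
    $roles = [3 => [1 => 'admin', 2 => 'member']];
    return $roles[$groupId][$userId] ?? null;   // null: not in the group
}

// Before: being logged in is the only precondition, so any user who
// knows the group id reaches the settings form and the save handler.
function edit_group_unchecked(int $userId, int $groupId, ?array $post): string
{
    return $post === null ? 'show form' : 'settings saved';
}

// After: the role is looked up server-side on every request, for both the
// form view (GET) and the save (POST), and anything but 'admin' is refused.
function edit_group_checked(int $userId, int $groupId, ?array $post): string
{
    if (group_role($groupId, $userId) !== 'admin') {
        throw new AccessDenied("You can't edit this group");
    }
    return $post === null ? 'show form' : 'settings saved';
}

// Replay the replication steps: user 1 is the admin, user 2 a plain member,
// user 9 is not in the group at all.
foreach ([1, 2, 9] as $user) {
    foreach ([null, ['name' => 'renamed']] as $post) {
        $verb = $post === null ? 'GET ' : 'POST';
        try {
            $result = edit_group_checked($user, 3, $post);
        } catch (AccessDenied $e) {
            $result = 'denied: ' . $e->getMessage();
        }
        printf("user %d %s unchecked=%s checked=%s\n", $user, $verb,
            edit_group_unchecked($user, 3, $post), $result);
    }
}
```

A regression test for this class of bug should cover the save request as well as the page view, since hiding the link or the form alone leaves the POST handler reachable.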
