Conflict between manageUsers and admin roles
--------------------------------------------

                 Key: CONTINUUM-935
                 URL: http://jira.codehaus.org/browse/CONTINUUM-935
             Project: Continuum
          Issue Type: Bug
    Affects Versions: 1.1
         Environment: acegi branch
            Reporter: Carlos Sanchez
            Priority: Critical


A user with manageUsers role should not be able to assign the admin role to 
anybody.

The problem expands to any role. I think the solution should be implemented in 
UserManager.

When getting the list of available groups for adding to a user, it must not 
return groups that have roles that the current user does not have. This must be 
checked in the method that adds a user to a group too.

When adding roles to a user group, only the roles of the current user can be 
added, to avoid people adding roles to their groups.
