mahara-contributors team mailing list archive

Thread
Date

[Bug 492009] Re: Ordinary group members can be promoted to be an admin of "controlled" or "course" groups.

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Mon, 05 Sep 2011 23:04:54 -0000
Reply-to: Bug 492009 <492009@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara
   Importance: Undecided => High

** Changed in: mahara
     Assignee: François Marier (fmarier) => Richard Mansfield (richard-mansfield)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/492009

Title:
  Ordinary group members can be promoted to be an admin of "controlled"
  or "course" groups.

Status in Mahara ePortfolio:
  Fix Released

Bug description:
  Ordinary group members (those who are not site or institution admins
  or staff) can be promoted to be admins of "standard.controlled",
  "course.controlled" and "course.request" groups through
  Group->Members->"Change Role" interface (/group/changerole.php). This
  should not be permitted. When the ordinary user is promoted to be such
  admin, not only the error on group_get_grouptype_options() function
  call will pop-up (group type drop-down menu), as ordinary user can
  only be admin of invite/request/open standard groups, but also such
  user can remove original group admin and institution or site admin
  will end up having uncontrolled "course group".

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/492009/+subscriptions