mahara-contributors team mailing list archive
Message #36969
[Bug 1609200] A change has been merged
Reviewed: https://reviews.mahara.org/6809
Committed: https://git.mahara.org/mahara/mahara/commit/7cd868125963731ecda8d2323984e6aea5430b22
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch: 15.10_STABLE
commit 7cd868125963731ecda8d2323984e6aea5430b22
Author: Aaron Wells <aaronw@xxxxxxxxxxxxxxx>
Date: Wed Aug 3 14:23:08 2016 +1200
Bug 1609200: Limit group config to group's admins
behatnotneeded: Test to come later
Change-Id: Ibbb574c67d80e3fd6a139752590bdd602e822f88
(cherry picked from commit 47905d70a15798ef7cad3ed1b5c63bf530e1ef3c)
https://bugs.launchpad.net/bugs/1609200
Title:
Non-admin role users can edit group settings
Status in Mahara:
Fix Committed
Status in Mahara 15.04 series:
Fix Committed
Status in Mahara 15.10 series:
Fix Committed
Status in Mahara 16.04 series:
Fix Committed
Status in Mahara 16.10 series:
Fix Committed
Bug description:
Only the admin of a group should be able to change the group's
settings (via group/edit.php). But any member of a group can view and
edit the settings if they go to the URL directly:
* http://my.mahara/group/edit.php?id=3
There is no check to make sure the user has admin role.
To replicate:
1. Create a group as User 1. Note the group's id
2. Add User 2 to the group as a "member" (not an "admin")
3. Log in as User 2
4. Type in e.g. http://my.mahara/group/edit.php?id=X , where X is the group's ID
Expected result: You get an error message saying "You can't edit this
group"
Actual result: You see the group config page, and you can make changes
and they will be saved.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1609200/+subscriptions
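
The check the bug description says is missing, sketched as an added example; this is not Mahara's code and not the committed fix. The function names, the exception class and the membership table are hypothetical and constructed for illustration; group id 3 and Users 1 and 2 follow the replication steps above.

```php
<?php
declare(strict_types=1);
// Added example, not Mahara code. All names below are hypothetical.

class AccessDenied extends Exception {}

// Constructed sample data: group id => [user id => role].
const MEMBERSHIPS = [
    3 => [1 => 'admin', 2 => 'member'],
];

// Returns the user's role in the group, or null for a non-member.
function role_in_group(int $groupId, int $userId): ?string {
    return MEMBERSHIPS[$groupId][$userId] ?? null;
}

// Entry point modelled on an edit page. The role check runs before the
// settings form is rendered or a submission is processed, so hiding the
// link in the UI is not what protects the page.
function handle_group_edit(int $groupId, int $userId, ?array $submitted, array &$settings): string {
    if (role_in_group($groupId, $userId) !== 'admin') {
        throw new AccessDenied("You can't edit this group");
    }
    if ($submitted === null) {
        return 'form';                    // view request: show the settings form
    }
    $settings[$groupId] = $submitted;     // submission: save the change
    return 'saved';
}

// Regression check following the replication steps: User 2 is a "member"
// of group 3 and requests the edit page directly, first to view, then to save.
$settings = [3 => ['name' => 'Original']];
foreach ([null, ['name' => 'Changed by member']] as $request) {
    try {
        handle_group_edit(3, 2, $request, $settings);
        echo "FAIL: member reached the edit page\n";
    } catch (AccessDenied $e) {
        echo "denied: ", $e->getMessage(), "\n";
    }
}
if ($settings[3]['name'] !== 'Original') {
    echo "FAIL: member's change was saved\n";
}
// The group's admin (User 1) can still save settings.
echo handle_group_edit(3, 1, ['name' => 'Renamed'], $settings), "\n";
```

The loop exercises both the view and the save path because the bug description reports both as reachable by a plain member.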