Bug 892816
Summary: | Recently removed project maintainer retains access to project maintainer actions. | ||
---|---|---|---|
Product: | [Retired] Zanata | Reporter: | Carlos Munoz <camunoz> |
Component: | Security | Assignee: | Alex Eng <aeng> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ding-Yi Chen <dchen> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.0 | CC: | aeng, sflaniga, zanata-bugs |
Target Milestone: | --- | ||
Target Release: | 2.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 2.1-SNAPSHOT (20130108-1249) | Doc Type: | Bug Fix |
Last Closed: | 2013-02-26 04:06:30 UTC | Type: | Bug |
Description
Carlos Munoz
2013-01-07 22:26:48 UTC
Security flaw when you remove yourself from the maintainer list of a project, and yet you are still able to add yourself back as maintainer.

Implemented fix. Once removed, if you are no longer a maintainer, it will redirect to the project page. See https://github.com/zanata/zanata/commit/fa4adaf5a4000658a2750e8edc40c1a8bb30b361

Tested with Zanata version 2.1-SNAPSHOT (20130108-1004). The non-admin project maintainers cannot remove themselves now. This is not the expected behavior. Reassigned.

Implemented fix. See https://github.com/zanata/zanata/commit/f8125039cb68454b2bd43d5cb70c4ec63e30bb8d

VERIFIED with Zanata version 2.1-SNAPSHOT (20130108-1249)
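The end state this report converges on can be written as a small model. This is an added example, not Zanata's code: every maintainer action is checked against the current maintainer list when it runs, self-removal stays allowed, and a caller who is no longer a maintainer is redirected to the project page. All names and the `/project/<slug>` URL are assumptions made for the illustration.

```python
# Added illustration with hypothetical names; not taken from the Zanata code base.

class NotMaintainer(Exception):
    """Raised when the caller is not currently a maintainer of the project."""


class Project:
    def __init__(self, slug, maintainers):
        self.slug = slug
        self.maintainers = set(maintainers)


def require_maintainer(project, actor):
    # Evaluated against the live maintainer list on every action.
    if actor not in project.maintainers:
        raise NotMaintainer(actor)


def add_maintainer(project, actor, new_user):
    require_maintainer(project, actor)
    project.maintainers.add(new_user)


def remove_maintainer(project, actor, target):
    # The check runs before the change, so a maintainer may remove themselves
    # (the case the first fix blocked for non-admin maintainers).
    require_maintainer(project, actor)
    project.maintainers.discard(target)


def handle(action, project, actor, *args):
    """Run a maintainer action; redirect to the project page if access is gone."""
    try:
        action(project, actor, *args)
        return ("ok", None)
    except NotMaintainer:
        return ("redirect", f"/project/{project.slug}")  # assumed URL shape


def run_scenario():
    """Constructed sequence from the report: remove self, then try to re-add."""
    project = Project("demo", {"alice", "bob"})
    return [
        handle(remove_maintainer, project, "alice", "alice"),  # allowed
        handle(add_maintainer, project, "alice", "alice"),     # must be denied
        handle(add_maintainer, project, "bob", "carol"),       # still works
        sorted(project.maintainers),
    ]


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

The first two steps of `run_scenario` are the two regression cases worth keeping as tests: the original flaw (re-adding yourself after removal) and the side effect of the first fix (self-removal blocked).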