Hide Forgot
Description of problem: groupmember could modify some jobs submitted by others Version-Release number of selected component (if applicable): beaker-devel Version 0.15.1rc1 How reproducible: some jobs Steps to Reproduce: 1. account1(xjia) submit some jobs(j:1738/1739/1740/1741/1742) 2. account2(shajiang) joined in the group xjia which account1 was in. 3. account2 login and try to edit the jobs' whiteboard. Actual results: account2 can edit the jobs submitted by xjia. Expected results: account2 can't edit these non-group jobs. Additional info:
Are you saying that other group members should not be able to edit any details in another members' job? The documentation at [1] states the following "By default the submitter is the only person who can modify the job (except for any member of any group the submitter belongs to; they can ack/nack the job)." Does that also extend to editing the whiteboard? I will let someone else clarify. [1] http://beaker-project.org/docs/user-guide/job-design.html#access-control-for-jobs
This is more or less expected behaviour. Please see bz#1000861. If a system is still configured to use the old behaviour, those docs that Amit linked to do not apply. I've created this bug (bz#1022776) to deal with the Docs problem.