1166451 – Normal user can access copy to new version action for non-maintained project

Bug 1166451 - Normal user can access copy to new version action for non-maintained project

Summary: Normal user can access copy to new version action for non-maintained project

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Zanata
Classification:	Retired
Component:	Component-UI
Sub Component:
Version:	3.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	3.6
Assignee:	Alex Eng
QA Contact:	Zanata-QA Mailling List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-21 01:47 UTC by Damian Jansen
Modified:	2015-03-19 07:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:	3.6.0-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-2325)
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-03-19 07:10:17 UTC

Attachments	(Terms of Use)

Description Damian Jansen 2014-11-21 01:47:36 UTC

Description of problem:
A normal logged in user can click the "Copy to new version" menu option for a project they do not maintain.  Completing the action is denied due to a final permission check, but it should not appear.

Version-Release number of selected component (if applicable):
3.5

How reproducible:
Easy always

Steps to Reproduce:
1. Sign in as a regular user
2. Go to any project, project version
3. Click the [...] and select Copy to new version

Actual results:
New version page is displayed

Expected results:
No option visible to the user

Additional info:

Comment 1 Alex Eng 2014-11-21 03:16:59 UTC

Pull request:
https://github.com/zanata/zanata-server/pull/638

Comment 2 Ding-Yi Chen 2014-11-23 23:55:11 UTC

VERIFIED with Zanata 3.6.0-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-2325) 

(By Damian)

Note You need to log in before you can comment on or make changes to this bug.