Bug 1166451 - Normal user can access copy to new version action for non-maintained project
Summary: Normal user can access copy to new version action for non-maintained project
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Zanata
Classification: Retired
Component: Component-UI
Version: 3.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.6
Assignee: Alex Eng
QA Contact: Zanata-QA Mailling List
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-21 01:47 UTC by Damian Jansen
Modified: 2015-03-19 07:10 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2015-03-19 07:10:17 UTC


Attachments (Terms of Use)

Description Damian Jansen 2014-11-21 01:47:36 UTC
Description of problem:
A normal logged in user can click the "Copy to new version" menu option for a project they do not maintain.  Completing the action is denied due to a final permission check, but it should not appear.

Version-Release number of selected component (if applicable):
3.5

How reproducible:
Easy always

Steps to Reproduce:
1. Sign in as a regular user
2. Go to any project, project version
3. Click the [...] and select Copy to new version

Actual results:
New version page is displayed

Expected results:
No option visible to the user

Additional info:

Comment 1 Alex Eng 2014-11-21 03:16:59 UTC
Pull request:
https://github.com/zanata/zanata-server/pull/638

Comment 2 Ding-Yi Chen 2014-11-23 23:55:11 UTC
VERIFIED with Zanata 3.6.0-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-2325) 

(By Damian)


Note You need to log in before you can comment on or make changes to this bug.