Bug 1166451 - Normal user can access copy to new version action for non-maintained project
Normal user can access copy to new version action for non-maintained project
Status: CLOSED CURRENTRELEASE
Product: Zanata
Classification: Community
Component: Component-UI (Show other bugs)
3.5
Unspecified Unspecified
unspecified Severity medium
: ---
: 3.6
Assigned To: Alex Eng
Zanata-QA Mailling List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-11-20 20:47 EST by Damian Jansen
Modified: 2015-03-19 03:10 EDT (History)
2 users (show)

See Also:
Fixed In Version: 3.6.0-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-2325)
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-19 03:10:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Damian Jansen 2014-11-20 20:47:36 EST
Description of problem:
A normal logged in user can click the "Copy to new version" menu option for a project they do not maintain.  Completing the action is denied due to a final permission check, but it should not appear.

Version-Release number of selected component (if applicable):
3.5

How reproducible:
Easy always

Steps to Reproduce:
1. Sign in as a regular user
2. Go to any project, project version
3. Click the [...] and select Copy to new version

Actual results:
New version page is displayed

Expected results:
No option visible to the user

Additional info:
Comment 1 Alex Eng 2014-11-20 22:16:59 EST
Pull request:
https://github.com/zanata/zanata-server/pull/638
Comment 2 Ding-Yi Chen 2014-11-23 18:55:11 EST
VERIFIED with Zanata 3.6.0-SNAPSHOT (git-jenkins-zanata-server-github-pull-requests-2325) 

(By Damian)

Note You need to log in before you can comment on or make changes to this bug.