This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 864712 - Copy trans in project page available for any users
Copy trans in project page available for any users
Status: CLOSED CURRENTRELEASE
Product: Zanata
Classification: Community
Component: Security (Show other bugs)
development
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2.0
Assigned To: Alex Eng
Ding-Yi Chen
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-09 19:57 EDT by Alex Eng
Modified: 2012-11-07 01:19 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.8.0-SNAPSHOT (20121016-1428)
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-11-07 01:19:35 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Alex Eng 2012-10-09 19:57:21 EDT
Description of problem:
Copy trans in project page available for any users and not restricted

Version-Release number of selected component (if applicable):
2.0

How reproducible:
Always

Steps to Reproduce:
1. Login in Zanata as normal user.
2. Go to any project and click "Copy Trans Options"
3. Make changes in option and click save
  
Actual results:
Save successful


Expected results:
Only project maintainer/admin should be able to perform copy trans

Additional info:
Comment 1 Alex Eng 2012-10-09 20:20:31 EDT
Implemented security check on copy trans option in project page.
Restricted only to project maintainers and admin.
See https://github.com/zanata/zanata/commit/bcb08c86f97c3187b98d0614ddcbe9c761a79fc9
Comment 2 Ding-Yi Chen 2012-10-11 21:20:32 EDT
Tested with Zanata version 1.8.0-SNAPSHOT (20121012-0031)

Error message "You do not have permission to access this resource" appears for non-admin project maintainers.

Reassigned.
Comment 3 Alex Eng 2012-10-11 23:58:50 EDT
Fixed security issue. 

See
https://github.com/zanata/zanata/commit/293c0fd8df9e6f63f2a9a89b51bea6f3a8347bd6
Comment 4 Ding-Yi Chen 2012-10-16 02:11:49 EDT
VERIFIED with Zanata version 1.8.0-SNAPSHOT (20121016-1428)
Comment 5 Sean Flanigan 2012-11-07 01:19:35 EST
Fix released in Zanata 2.0.

Note You need to log in before you can comment on or make changes to this bug.