Red Hat Bugzilla – Bug 892816
Recently removed project maintainer retains access to project maintainer actions.
Last modified: 2013-02-25 23:06:30 EST
Description of problem:
When the current logged in user removes him/herself from a project's maintainer list, he/she still has access to project maintainer actions until navigation to another page occurs.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in as a non-admin user, which is a project maintainer.
2. Go to a maintained project's page.
3. Got to the project's maintainer list.
4. Remove the user from the list.
The user still has access to add / remove project maintainers.
After removing the currently logged in user from the list, there should be no access to add or remove project maintainers.
Security flaw when you remove yourself from maintainer list of a project, and yet you still able to add yourself back as maintainer.
Implemented fix. Once removed, if you are no longer maintainer, it will redirect to project page.
Tested with Zanata version 2.1-SNAPSHOT (20130108-1004).
The non-admin project maintainsers cannot remove themselves now. Which is not the expected behaviors.
VERIFIED with Zanata version 2.1-SNAPSHOT (20130108-1249)