Description of problem: When the current logged in user removes him/herself from a project's maintainer list, he/she still has access to project maintainer actions until navigation to another page occurs. Version-Release number of selected component (if applicable): 2.0.2 How reproducible: Always Steps to Reproduce: 1. Log in as a non-admin user, which is a project maintainer. 2. Go to a maintained project's page. 3. Got to the project's maintainer list. 4. Remove the user from the list. Actual results: The user still has access to add / remove project maintainers. Expected results: After removing the currently logged in user from the list, there should be no access to add or remove project maintainers.
Security flaw when you remove yourself from maintainer list of a project, and yet you still able to add yourself back as maintainer. Implemented fix. Once removed, if you are no longer maintainer, it will redirect to project page. See https://github.com/zanata/zanata/commit/fa4adaf5a4000658a2750e8edc40c1a8bb30b361
Tested with Zanata version 2.1-SNAPSHOT (20130108-1004). The non-admin project maintainsers cannot remove themselves now. Which is not the expected behaviors. Reassigned.
Implemented fix. See https://github.com/zanata/zanata/commit/f8125039cb68454b2bd43d5cb70c4ec63e30bb8d
VERIFIED with Zanata version 2.1-SNAPSHOT (20130108-1249)