-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67624/
-----------------------------------------------------------
Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and
Velmurugan Periasamy.
Bugs: RANGER-2130
https://issues.apache.org/jira/browse/RANGER-2130
Repository: ranger
Description
-------
In the rangeradmin ui, on the users page, after clicking on a user. If you edit
the html on the site (ie in Chrome) you can remove the 'disabled' tag so that
the role of User becomes ungreyed out and you can change the role from User to
Admin!
Also user able to see other role in the system.
Diffs
-----
security-admin/src/main/webapp/scripts/models/VXPortalUser.js 0292ceb
security-admin/src/main/webapp/scripts/views/users/UserForm.js ee0d256
Diff: https://reviews.apache.org/r/67624/diff/1/
Testing
-------
1. Any Users can not change their role through profile page option even after
enabling role field throught inspect element chrome feature.(Also user can't
see other role in the role drop-down)
2. Admin is able to change other Admin user’s role.
3. Admin is able to view & update other user's roles through UI
4. Other Admin role user able change role of user which has name "admin".
Thanks,
Nitin Galave
