See https://bugs.launchpad.net/mahara/+bug/603044

Permissions for this are now loose again, but I have hopefully fixed the
drop-down error by forcing the join type to stay the same if you're
editing a group with a jointype you don't have permission to create.

-- 
Ordinary group members can be promoted to be an admin of "controlled" or 
"course" groups.
https://bugs.launchpad.net/bugs/492009

Status in Mahara ePortfolio: Fix Released

Bug description:
Ordinary group members (those who are not site or institution admins or staff)
can be promoted to be admins of "standard.controlled", "course.controlled" and
"course.request" groups through the Group->Members->"Change Role" interface
(/group/changerole.php). This should not be permitted. When an ordinary user
is promoted to be such an admin, not only will the error on the
group_get_grouptype_options() function call pop up (group type drop-down
menu), as an ordinary user can only be admin of invite/request/open standard
groups, but such a user can also remove the original group admin, and the
institution or site admin will end up having an uncontrolled "course group".
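
The approach the comment above describes, pinning the group type when the editor could not have created it, sketched as an added example. This is not Mahara's code: the function names, the user array shape and the three "standard" type strings are assumptions that follow the report's naming.

```php
<?php
// Added illustration. All function names and the $user array are hypothetical;
// type strings use the "grouptype.jointype" form quoted in the bug report.
const ORDINARY_TYPES   = ['standard.open', 'standard.request', 'standard.invite'];
const PRIVILEGED_TYPES = ['standard.controlled', 'course.request', 'course.controlled'];

/** Group types this user is allowed to create. */
function creatable_group_types(array $user): array
{
    $privileged = !empty($user['admin']) || !empty($user['staff']);
    return $privileged ? array_merge(ORDINARY_TYPES, PRIVILEGED_TYPES) : ORDINARY_TYPES;
}

/** Options offered by the edit form's group type drop-down. */
function edit_form_type_options(array $user, string $currentType): array
{
    $allowed = creatable_group_types($user);
    // If the editor could not have created this type, offer only the current
    // value: the drop-down renders without error and the type cannot change.
    return in_array($currentType, $allowed, true) ? $allowed : [$currentType];
}

/** Server-side check on submit; never rely on the drop-down contents alone. */
function resolve_submitted_type(array $user, string $currentType, string $submitted): string
{
    if (!in_array($submitted, edit_form_type_options($user, $currentType), true)) {
        throw new InvalidArgumentException("Group type '$submitted' is not permitted for this editor");
    }
    return $submitted;
}

// Constructed sample: an ordinary member who was promoted to admin of a
// "course.controlled" group opens the edit form and then submits it.
$member = ['admin' => false, 'staff' => false];
print_r(edit_form_type_options($member, 'course.controlled'));
echo resolve_submitted_type($member, 'course.controlled', 'course.controlled'), "\n";
try {
    // A tampered POST that tries to switch to another privileged type.
    resolve_submitted_type($member, 'course.controlled', 'standard.controlled');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

This only keeps the edit form consistent. It does not stop the promoted member from removing the original group admin, which is the second consequence the report names.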


