Status: Accepted
Owner: ----
Labels: Type-Defect
New issue 2332 by [email protected]: Authenticated user not assigned to a
group can add, edit, and delete repositories
http://code.google.com/p/qubit-toolkit/issues/detail?id=2332
To reproduce this error:
========================
1)Log in as an administrator and create a new user
2)Do not assign the new user to any groups; log out
3)Log in as the new (now authenticated) user
4)Navigate to repositories and select a repository
Resulting error:
================
Authenticated user with no permissions will have the Edit, Delete, and Add
New buttons available, and can successfully act on these options (e.g.,
delete a repository)
Expected result:
================
An authenticated user with no permissions should not be able to add, edit,
or delete repositories.
System should require all authenticated users to be assigned to a group.
Notes:
================
This same error is true of other users who belong to groups which should
not require this function: e.g. a translator.
When viewing the page without authentication (ie, without logging in as a
user), repositories can be viewed but not altered or deleted --> this is
the expected behavior for the authenticated user as well.
--
You received this message because you are subscribed to the Google Groups "Qubit
Toolkit Issues" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/qubit-issues?hl=en.
