[Bug 5419] non-Administrators can assign themselves and other non-Administrators to the Administrators role
- From: bugzilla-daemon (at) xaraya.com
- Date: Sat, 11 Feb 2006 16:45:45 +0000 (GMT)
Please do not reply directly to this message. All additional comments should
be made in the comments box of this bug report.
http://bugs.xaraya.com/show_bug.cgi?id=5419
------- Additional Comments From ryandw (at) gmail.com 2006-02-11 16:45 GMT -------
I have created a privilege called AdminRolesStaff which has admin level
privileges for the roles component of the roles module. This privilege is a
child of a privilige called StaffAccess. StaffAccess has been assigned to a
group role called Staff. The user ryanstaff has been assigned to the Staff
group role. ryanstaff cannot edit roles... the names are greyed out when
ryanstaff goes to ?module=roles&type=admin&func=showusers
When I log in as an administrator, I can view ryanstaff's privileges to confirm
that he has the 800 level (admin) privilege for AdminRolesStaff.
The only thing I can think of that might be a problem is that I'm not sure what
to do with "Allow instances of component Roles that have". I have tried leaving
it blank, and I have also tried entering names of roles and IDs of roles, to no
avail.
--
Configure bugmail: http://bugs.xaraya.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
_______________________________________________
Xaraya_bugs mailing list
Xaraya_bugs (at) xaraya.com
http://xaraya.com/mailman/listinfo/xaraya_bugs