[JC-1236] User can edit other posts without EDIT_OTHERS_POSTS permission being granted - JTalks JIRA

Voters

Watchers

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 1.2 Larks
Fix Version/s: None
Labels:
None

Description

1. User1 and User2 have EDIT_POSTS permission, but do not have EDIT_OTHERS_POSTS
2. User1 leaves an answer, the page is left open, do not close it.
3. Open another page and log out there
4. Log in with User2, open previous tab where you still have Edit button available.
5. Press the button, change the post and confirm your action.

AR: user will be able to edit post even though she has no permissions for that
ER: user is getting Permissions Denied error after sending the updates

Attachments

Issue Links

is duplicated by

JC-1284 User can edit his own posts whithout permission EDIT_OWN_POSTS

Closed

relates to

JC-1183 Permission EDIT_OTHER_POSTS should't give the rights to edit own messages and topics.

Closed

JC-1314 User can delete posts of another user if he has permission to delete his own posts

Closed

JC-2161 "Edit" button is present without "EDIT_OWN_POSTS" permissions

Closed

Structure

Activity

People

Assignee:

Stanislav Bashkyrtsev

Reporter:

Vyacheslav Mishcheryakov

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

02/Jan/13 3:12 PM

Updated:

02/Mar/15 12:21 AM

Resolved:

17/Feb/13 8:06 PM