  1. JCommune
  2. JC-1237

User can delete other posts without DELETE_OTHERS_POSTS permission being granted

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.2 Larks
    • Fix Version/s: 1.4 Larks
    • Labels:
      None

      Description

      1. User1 and User2 have the DELETE_POSTS permission, but do not have DELETE_OTHERS_POSTS.
      2. User1 leaves an answer; leave the page open, do not close it.
      3. Open another page and log out there.
      4. Log in as User2 and open the previous tab, where the Delete button is still available.
      5. Press the button and delete the post.

      AR: the user is able to delete the post even though she has no permission for that
      ER: the user gets a Permissions Denied error after sending the updates
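
The server-side check that the expected result calls for, shown next to an unchecked handler, as an added example (not JCommune code and not part of the original report). All class, method and field names are hypothetical, and it assumes DELETE_POSTS covers a user's own posts while DELETE_OTHERS_POSTS is required for anyone else's.

```java
import java.util.*;

// Added illustration; every name here is hypothetical, not JCommune's API.
public class DeletePostCheck {
    enum Permission { DELETE_POSTS, DELETE_OTHERS_POSTS }

    static final class Post {
        final long id; final String author;
        Post(long id, String author) { this.id = id; this.author = author; }
    }

    static final Map<Long, Post> posts = new HashMap<>();
    static final Map<String, Set<Permission>> grants = new HashMap<>();

    // Unchecked: relies on the Delete button only being rendered for a permitted user.
    static void deleteUnchecked(String sessionUser, long postId) {
        posts.remove(postId);
    }

    // Checked: decides from the user bound to the session at request time and
    // from the post's stored author, never from what the open page displayed.
    static void deleteChecked(String sessionUser, long postId) {
        Post post = posts.get(postId);
        if (post == null) throw new NoSuchElementException("no post " + postId);
        Permission needed = post.author.equals(sessionUser)
                ? Permission.DELETE_POSTS : Permission.DELETE_OTHERS_POSTS;
        Set<Permission> held = grants.getOrDefault(sessionUser, Collections.<Permission>emptySet());
        if (!held.contains(needed)) {
            throw new SecurityException("Permission denied: " + needed + " required");
        }
        posts.remove(postId);
    }

    public static void main(String[] args) {
        // Constructed data matching step 1 of the report.
        grants.put("User1", EnumSet.of(Permission.DELETE_POSTS));
        grants.put("User2", EnumSet.of(Permission.DELETE_POSTS));

        posts.put(1L, new Post(1L, "User1"));
        deleteUnchecked("User2", 1L);   // stale tab, session now belongs to User2
        System.out.println("unchecked: post exists = " + posts.containsKey(1L));

        posts.put(1L, new Post(1L, "User1"));
        try {
            deleteChecked("User2", 1L);
        } catch (SecurityException e) {
            System.out.println("checked: " + e.getMessage());
        }
        System.out.println("checked: post exists = " + posts.containsKey(1L));
        deleteChecked("User1", 1L);     // the author deleting her own post is allowed
    }
}
```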


              People

              • Assignee:
                ctapobep Stanislav Bashkyrtsev
                Reporter:
                lamao Vyacheslav Mishcheryakov
