-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Critical
-
Resolution: Won't Fix
-
Affects Version/s: 1.3 Larks
-
Fix Version/s: None
-
Labels:None
Pre-conditions:
User has all permissions for a branch via Poulpe
Steps to reproduce:
Scenario#1
1. Go to a topic in this branch
2. Delete permission VIEW_TOPICS for the User via Poulpe
3. Leave a post in the topic
Actual result: After User write message and sent it, he see message 'Access denied', but this message were left in the topic.
Expected result: User shouldn't be able to leave a post the topic.
3. Move, close or delete the topic
Actual result: User can move, close or delete the topic.
Expected result: User shouldn't be able to move, close or delete the topic.
3. Edit own posts or other posts, quote posts
Actual result: User can edit own posts or others posts, quote posts.
Expected result: User shouldn't be able to edit own posts or others posts, quote posts.
Scenario#2
1. Go to a CR in the branch
2. Delete permission VIEW_TOPICS for the User via Poulpe
3. Leave a comment
Actual result: User can leave a comment.
Expected result: User shouldn't be able to leave a comment.
3. Edit own or others comments, delete own or others comments
Actual result: User can edit own or others comments, delete own or others comments.
Expected result: User shouldn't be able to edit own or others comments, delete own or others comments.
3. Delete or move the CR
Actual result: User can delete or move the CR.
Expected result: User shouldn't be able to delete or move the CR.
