Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-1786

Edit profile without permissions

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5 Larks
    • Fix Version/s: 2.7 Larks
    • Labels:
      None
    • Sprint:
      2.7 Larks

      Description

      Preconditions

      1. You should install Fiddler
      2. User should have permissions to edit his profile

      Steps to reproduce

      1. Login on forum, try to edit your profile
      2. Go to Poulpe
      3. Add your user group in restricted for EDIT_OWN_PROFILE and EDIT_OTHERS_PROFILE
      4. Create Post query to edit profile in Fiddler with your cookies

      AR Profile is edited
      ER You cannot edit your profile

      Note: with user cookies created on first step, user can edit everyone's profile.

        Attachments

        1. Admin Panel.jpg
          67 kB
          Alla
        2. Fiddler Debugger.jpg
          44 kB
          Alla
        3. Query to edit admin profile.jpg
          44 kB
          Alla
        4. User-admin.jpg
          47 kB
          Alla

          Structure

            Activity

              People

              • Assignee:
                Foxy Alla
                Reporter:
                Foxy Alla
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Structure Helper Panel