MAGNOLIA-2388

Easy privilege escalation from user preferences


    • Type: Bug
    • Resolution: Fixed
    • Priority: Blocker
    • Affects Version/s: 3.6.2, 3.6.3
    • Fix Version/s: 3.6.2
    • Component/s: security
    • Labels: None

      This is a leftover from MAGNOLIA-574: since the task was closed ignoring my comments and no other task is listed for 3.6.2, I am adding this as a separate issue since IMHO Magnolia 3.6.2 can't be released as is now...

      After the change in MAGNOLIA-574 and related, now every user (at least with read-only access to the user repository) can self-change their role to superuser using the preference dialog linked to the user name.
      Just create a user with an editor role and read-only access to userroles: they can just type "/superuser" in their preference dialog to gain full access.

      There are multiple issues/tasks associated with this:

      • users should not have read/write permissions to the ACLs by default; this should be strictly forbidden unless explicitly added by a superuser
      • the preference box dialog should not list group/roles (it makes no sense, just name me another app where users have a similar thing in their preference page!)
      • a bug in the bug: if the user enters a role he doesn't have read rights for in the preference page the user node gets corrupted and can't be edited anymore

      As previously discussed, IMHO a better solution would be allowing only read-only access to one's own user node by default and using a custom save handler for the preference page which allows editing of checked properties using a system operation. User preferences should obviously use a different dialog from the standard user edit dialog.

      Nobody else cares about this?
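The allow-listed save handler proposed in the report, as an added illustration that is not Magnolia's own code: the in-memory stand-in for the JCR user node, the property names and the allow-list contents are assumptions, and the "system operation" is simulated by a plain assignment after the allow-list check.

```python
"""Preferences save handler with a property allow-list (constructed example)."""
from copy import deepcopy

# Constructed stand-in for the /users/<name> node. In Magnolia the real node lives
# in the 'users' workspace; the property names below are assumptions.
USER_NODE = {
    "name": "editor1",
    "email": "editor1@example.com",
    "language": "en",
    "roles": ["/editor"],      # security-relevant: must not be self-editable
    "groups": [],              # security-relevant
    "acl_users": "read",       # security-relevant
}

# The only properties a user may change about themselves from the preferences page.
PREFERENCE_ALLOWLIST = frozenset({"email", "language", "password"})


class PreferenceRejected(Exception):
    """Raised (and worth logging) when a preferences form carries non-allow-listed keys."""


def save_all_properties(node, submitted):
    """The unsafe behaviour described in the report: the preferences page reuses the
    full user-edit dialog, so every submitted property, roles included, is written."""
    updated = deepcopy(node)
    updated.update(submitted)
    return updated


def rejected_keys(submitted):
    """Return the submitted property names that are not on the allow-list."""
    return set(submitted) - PREFERENCE_ALLOWLIST


def save_preferences(node, submitted):
    """Hardened handler: the user's own session is read-only on the node, the form is
    checked against the allow-list, and only then is the write performed as a system
    operation (simulated here by the direct assignment)."""
    bad = rejected_keys(submitted)
    if bad:
        raise PreferenceRejected(f"not editable from preferences: {sorted(bad)}")
    updated = deepcopy(node)
    for key, value in submitted.items():
        updated[key] = value        # system-context write of an allow-listed property
    return updated
```

Rejecting rather than silently dropping the extra keys gives the audit log a signal that someone submitted a crafted form.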

              Assignee: fgiust Fabrizio Giustina
              Reporter: fgiust Fabrizio Giustina