[MAGNOLIA-1265] User Dialog allows to add denied Roles Created: 12/Dec/06 Updated: 23/Jan/13 Resolved: 15/Aug/08 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface, core, security |
| Affects Version/s: | 3.0.1 |
| Fix Version/s: | 3.6.2, 3.6.3 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Claudio Greuter | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Magnolia 3 RC4 |
||
| Description |
|
I created a User whose role denies him access to certain roles like superuser, editor etc. The goal was to create a limited user manager that can only assign certain roles to new users. After setting the required role access to denied, the "Choose" button in the "new user" dialog correctly showed only the allowed roles. This behaviour allows a limited user to bypass the Rights. In my opinion it should be checked on Save if the user has read access to the Role or not. |
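
The check on Save that the description asks for, as an added example (not Magnolia code and not part of the original issue): the role list in a save request is validated on the server against the acting user's read access, independent of what the "Choose" dialog displayed. `RoleAcl`, `validateOnSave`, the role names and the rule that roles the edited user already holds are not re-checked are assumptions made for illustration.

```java
import java.util.*;

// Stand-alone model of a save-time role check. All names are hypothetical.
public class RoleAssignmentCheck {

    /** Hypothetical ACL lookup: may `actor` read the role node at `rolePath`? */
    interface RoleAcl {
        boolean canRead(String actor, String rolePath);
    }

    /** Thrown when a save request adds roles the acting user may not read. */
    static class DeniedRolesException extends RuntimeException {
        final Set<String> denied;
        DeniedRolesException(Set<String> denied) {
            super("not allowed to assign: " + denied);
            this.denied = denied;
        }
    }

    /**
     * Runs on save, after the dialog has been submitted. Only newly added roles
     * are checked, so re-saving a user who already holds a denied role does not
     * fail (assumption of this example, not a rule stated in the issue).
     */
    static Set<String> validateOnSave(RoleAcl acl, String actor,
                                      Set<String> currentRoles, Set<String> submittedRoles) {
        Set<String> denied = new TreeSet<>();
        for (String role : submittedRoles) {
            if (!currentRoles.contains(role) && !acl.canRead(actor, "/" + role)) {
                denied.add(role);
            }
        }
        if (!denied.isEmpty()) throw new DeniedRolesException(denied);
        return submittedRoles;
    }

    public static void main(String[] args) {
        // Constructed ACL: the limited user manager can read only these role nodes.
        Set<String> readable = Set.of("/author", "/reviewer");
        RoleAcl acl = (actor, path) -> actor.equals("superuser") || readable.contains(path);

        // Save request containing only a role the actor can read: accepted.
        System.out.println(validateOnSave(acl, "usermanager", Set.of(), Set.of("author")));

        // Save request that also contains a role the actor cannot read: rejected.
        try {
            validateOnSave(acl, "usermanager", Set.of(), Set.of("author", "superuser"));
        } catch (DeniedRolesException e) {
            System.out.println("rejected: " + e.denied);
        }
    }
}
```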