Actions
Bug #2387
closedBackend has no authorization checks
Description
In backend, e.g. deleteGroup() function, there is no authorizations checks. Means also simple managers or anyone with a limited backend access can do anything in groupjive.
Imho, authorization checks are needed in backend too, with admins and super-admins having all rights.
Updated by krileon almost 14 years ago
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
Fixed in r1623
Actions