Bug #2387: Backend has no authorization checks - CB GroupJive - Joomlapolis forge

Actions

Copy link

Bug #2387

closed

Backend has no authorization checks

Added by beat about 13 years ago. Updated about 13 years ago.

Status:

Closed

Priority:

Normal

Assignee:

beat

Target version:

2.0

Start date:

09 March 2011

Due date:

% Done:

100%

Estimated time:

Description

In backend, e.g. deleteGroup() function, there is no authorizations checks. Means also simple managers or anyone with a limited backend access can do anything in groupjive.

Imho, authorization checks are needed in backend too, with admins and super-admins having all rights.

History
Notes
Property changes

Actions

Copy link

Updated by krileon about 13 years ago

Status changed from New to Resolved
Assignee changed from krileon to beat
% Done changed from 0 to 100

Fixed in r1623

Actions

Copy link

Updated by krileon about 13 years ago

Status changed from Resolved to Closed

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Incubator » CB GroupJive

Custom queries

Bug #2387

Backend has no authorization checks

Updated by krileon about 13 years ago

Updated by krileon about 13 years ago