View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008332||mantisbt||administration||public||2007-09-04 06:19||2007-09-04 06:19|
|Summary||0008332: bug #00008324 manage_project_threshold problems|
I question the correctness on how bug 0008324 was solved. It creates some strange situations.
a) example when a user is created on global level: developer and i give him level: manager on a project. With fix 0008324, and $g_manage_user_threshold = MANAGER; in the config_inc.php file this user will not be able to be a user manager for the project. only if the user is set on global level manager will it work.
This can be fixed with replacing access_has_global_level() with access_has_project_level() in the patch from 0008324.
But then this also has to be done on all manageuser*.php pages like manage_user_page.php
b) (this might has to be created as a new bug report, you decide). If a user is a global manager level it can create new users with level administrator. This should probably not be possible as the user can elevate his own level by using this.
|Tags||No tags attached.|