[ROL-826] Author of multi-user blog has access to the settings of blog although he's not an administrator - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0
Fix Version/s: 2.0
Component/s: Authentication, Roles and Access Controls
Labels:
None
Environment:
blogs.sfbay.sun.com testing environment

Browser Version:
firefox
Customer(s):
blogs.sun.com

Description

Testing the multi-author feature, I had the following accesses:
my blog: Admin
blog2: author.

In the main menu panel, for each blog there is a list of actions that I can do: New entries, Edit Entries, Settings.
The Settings action is present for blog2 although I'm just an author and shouldn't be able to change any settings in the blog2.
Clicking on Settings display a Permission Denied page with possible reasons.

This is a usability issue. The settings link should have been disabled.

Attachments

Activity

People

Assignee:: David Johnson

Reporter:: ludovic poitou

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Sep/05 08:02

Updated:: 08/Jan/14 04:18

Resolved:: 21/Sep/05 12:37