Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.6.2
-
None
-
None
Description
Currently anonymous user can do something in note permission setting page.
e.g. the anonymous user can type "admin" / "user1" to the permission setting fields since we don't check the user's principal for this.
It doesn't make sense actually. At least we should disallow the non-authenticated users by deactivating those permission related features i think.
Attachments
Issue Links
- links to