Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-3096

a non owner of a note can change notes permissions

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.7.3
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Environment:

      linux ubuntu 17.10

      Description

      when i am on a note as a user that is only Reader , i can change the permissions on this note and it is succsessfully done.

      example:
      admin is owner and writer on this note and jdcuser is reader (screenshot-1). I am logged as jdcuser (screenshot-1)

      then i can add jdcuser as writer (or owner it works screenshot-2)

      and then save this; it is done successfuly (screenshot-3).

      the other permissions are ok; jdcuser can't access to interpretter or to change the mode of the note.

        Attachments

        1. screenshot-1.png
          43 kB
          gilbert marx
        2. screenshot-2.png
          44 kB
          gilbert marx
        3. screenshot-3.png
          46 kB
          gilbert marx

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                gilbertmrx gilbert marx
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: