[ZEPPELIN-3096] a non owner of a note can change notes permissions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.7.3
Fix Version/s: None
Component/s: security
Labels:
None
Environment:

linux ubuntu 17.10

Description

when i am on a note as a user that is only Reader , i can change the permissions on this note and it is succsessfully done.

example:
admin is owner and writer on this note and jdcuser is reader (screenshot-1). I am logged as jdcuser (screenshot-1)

then i can add jdcuser as writer (or owner it works screenshot-2)

and then save this; it is done successfuly (screenshot-3).

the other permissions are ok; jdcuser can't access to interpretter or to change the mode of the note.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

screenshot-3.png
07/Dec/17 17:55
46 kB
gilbert marx
screenshot-2.png
07/Dec/17 17:54
44 kB
gilbert marx
screenshot-1.png
07/Dec/17 17:53
43 kB
gilbert marx

Issue Links

is duplicated by

ZEPPELIN-2980 Issues found through editing Note Permission

Open

Activity

People

Assignee:: Unassigned

Reporter:: gilbert marx

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07/Dec/17 17:45

Updated:: 26/Jul/18 13:26