Bug #36020

open

Non-admin user with org admin role can add/modify users to place them into organizations they are not assigned to

Added by Adam Ruzicka over 1 year ago. Updated over 1 year ago.

Status: Ready For Testing
Priority: Normal
Assignee:
Category: Users, Roles and Permissions
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

1. Create 2 organizations: O1 and O2.
2. Create a user test and assign it the organization admin role. Assign the O1 organization to the test user.
3. Log in as the test user and try to create a new user. Here the test user can list and assign the O2 organization while creating a new user, which test should not be able to do because test is the organization admin of the O1 organization only.
4. Log in as the test user and try to edit the test user's profile. Under the organization tab, the test user can assign the O2 organization to itself.
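
A server-side check for the behaviour the steps above describe, as an added Ruby example that is not Foreman's code or the change from the linked pull request. The `User` struct, the method names and the policy of checking only newly added organizations are assumptions made for illustration.

```ruby
require 'set'

# Hypothetical model (not Foreman's classes): a user with a global-admin flag
# and the ids of the organizations the user is assigned to.
User = Struct.new(:login, :admin, :organization_ids, keyword_init: true)

class OrganizationScopeError < StandardError; end

# Organizations the actor may hand out: a global admin can assign any
# organization, everyone else only the ones they are assigned to themselves.
def assignable_organization_ids(actor, all_org_ids)
  actor.admin ? Set.new(all_org_ids) : Set.new(actor.organization_ids)
end

# Runs on both create and update, regardless of what the form listed.
# Only organizations being *added* to the target are checked (assumed policy),
# so the same rule covers a new user (step 3) and a self-edit (step 4).
def authorize_organization_assignment!(actor, target, requested_ids, all_org_ids)
  added  = Set.new(requested_ids) - Set.new(target.organization_ids)
  denied = added - assignable_organization_ids(actor, all_org_ids)
  unless denied.empty?
    raise OrganizationScopeError,
          "#{actor.login} may not assign organizations: #{denied.to_a.sort.join(', ')}"
  end
  requested_ids
end

# Boolean wrapper around the check above.
def assignment_allowed?(actor, target, requested_ids, all_org_ids)
  authorize_organization_assignment!(actor, target, requested_ids, all_org_ids)
  true
rescue OrganizationScopeError
  false
end

# Constructed sample data mirroring the reproduction steps: O1 = 1, O2 = 2.
ALL_ORGS  = [1, 2].freeze
TEST_USER = User.new(login: 'test',  admin: false, organization_ids: [1])
ROOT      = User.new(login: 'admin', admin: true,  organization_ids: [])
NEW_USER  = User.new(login: 'new',   admin: false, organization_ids: [])

puts assignment_allowed?(TEST_USER, NEW_USER, [1], ALL_ORGS)      # creating a user in O1
puts assignment_allowed?(TEST_USER, NEW_USER, [1, 2], ALL_ORGS)   # step 3: O2 on a new user
puts assignment_allowed?(TEST_USER, TEST_USER, [1, 2], ALL_ORGS)  # step 4: O2 on itself
```

The check belongs in the request handler or model validation rather than only in the list of organizations rendered in the form, since a crafted request can carry organization ids the form never offered.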


Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9609 added