View Issue Details

IDProjectCategoryView StatusLast Update
0004208Composrcore_cnspublic2020-05-10 00:59
ReporterChris GrahamAssigned To 
Status non-assignedResolutionopen 
Product Version 
Fixed in Version 
Summary0004208: Define usergroup superiority
DescriptionCurrently a non-admin cannot set the usergroup for new members they manually add.
This is a security consideration, as Composr cannot know which usergroups are considered inferior to the member's own usergrroup. If they were able to pick a superior group, it would be a privilege escalation vulnerability.

Allow specifying what permissive usergroups a usergroup is superior to, and then Composr would allow them to manage user membership within those usergroups.
Additional Information
TagsNo tags attached.
Attach Tags
Time estimation (hours)2
Sponsorship open


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-04-24 20:03 Chris Graham New Issue