View Issue Details

IDProjectCategoryView StatusLast Update
0004208Composrcore_cnspublic2020-05-10 00:59
ReporterChris GrahamAssigned To 
Severityfeature 
Status non-assignedResolutionopen 
Product Version 
Fixed in Version 
Summary0004208: Define usergroup superiority
DescriptionCurrently a non-admin cannot set the usergroup for new members they manually add.
This is a security consideration, as Composr cannot know which usergroups are considered inferior to the member's own usergrroup. If they were able to pick a superior group, it would be a privilege escalation vulnerability.

Allow specifying what permissive usergroups a usergroup is superior to, and then Composr would allow them to manage user membership within those usergroups.
Additional Informationhttps://compo.sr/forum/topicview/browse/designing/help-with-assigning.htm
TagsNo tags attached.
Attach Tags
Time estimation (hours)2
Sponsorship open

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-04-24 20:03 Chris Graham New Issue