gate-sso / gate

Gate is an MFA-enabled SSO platform that supports SAML, OAuth, Linux shell login and CAS
https://gate-sso.github.io
MIT License

Fixing authorization issues on user and group page #133

Closed giosakti closed 5 years ago

giosakti commented 5 years ago

There are issues on some pages where people without privileges can see the button for doing privileged actions:

  1. On the user profile page, a normal user can see the button to regenerate the token for anybody
  2. On the user profile page, a normal user can see the button to update the public key for anybody
  3. On the group page, a group admin can assign another group admin (this capability should only be given to a site-wide admin / super admin)
  4. On the group page, a group admin of another group can see the button to assign members on any group page

I'm working on this.

giosakti commented 5 years ago

See PR #134.
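The four cases listed in the issue, expressed as one policy object that both the view (whether to render the button) and the server-side action consult. This is an added example, not code from Gate or from PR #134. `User`, `Group`, `AccessPolicy`, `show_button?` and `add_member!` are hypothetical names, and letting a site-wide admin manage any user's credentials is an assumption.

```ruby
# Added illustration; every name here is hypothetical, not from the Gate code base.
User = Struct.new(:id, :site_admin)

class Group
  attr_reader :id, :admin_ids, :member_ids

  def initialize(id, admin_ids: [])
    @id = id
    @admin_ids = admin_ids
    @member_ids = []
  end
end

class Forbidden < StandardError; end

class AccessPolicy
  def initialize(actor)
    @actor = actor
  end

  # Cases 1 and 2: token and public key are managed by the profile owner
  # (assumption: a site-wide admin may do so as well).
  def manage_credentials?(profile_owner)
    @actor.site_admin || @actor.id == profile_owner.id
  end

  # Case 3: only a site-wide admin may appoint group admins.
  def assign_group_admin?(_group)
    @actor.site_admin ? true : false
  end

  # Case 4: a group admin manages members of their own group only.
  def assign_member?(group)
    @actor.site_admin || group.admin_ids.include?(@actor.id)
  end
end

# View side: decides whether the button is rendered at all.
def show_button?(actor, action, subject)
  AccessPolicy.new(actor).public_send("#{action}?", subject)
end

# Server side: the same predicate is enforced before the state change,
# so the check does not depend on the button having been hidden.
def add_member!(actor, group, new_member)
  raise Forbidden, "assign_member denied" unless show_button?(actor, :assign_member, group)
  group.member_ids << new_member.id
end
```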