google-code-export / cpassman

Automatically exported from code.google.com/p/cpassman
0 stars 0 forks source link

User that has access to the folder can easly delete edit all passwords #206

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Pre:
1. Set up roles so there is two users that has access to the same folders. (no 
managers)
2. Create some passwords using one user1

Act:
1. Login as user2
2. Try to see password created by user1
3. Try to delete/update the password (result: you are not able)
4. Create in the same folder another password with currently logged user
5. Save
6. Click on the same password that in step 2.
7. Click delete

Result:
1. Users can easily delete others passwords.

Expected:
1. User should be able to delete/edit passwords he created.
What is the expected output? What do you see instead?

Version 2.0
Browser FF8.0

Original issue reported on code.google.com by mateusz....@gmail.com on 12 Dec 2011 at 3:18

GoogleCodeExporter commented 9 years ago
Would really like to see this fixed, one workaround is go make the user 'Read 
Only' but then they are unable to use their personal folder or edit passwords 
that they have been granted to edit.

Original comment by linhqt...@gmail.com on 5 Jun 2012 at 5:13

GoogleCodeExporter commented 9 years ago
Hello,

I missed this issue.
It is corrected in 2.1.8

You can download it using the branch 2.1.8 because not yet released.

Nils

Original comment by nils.cpa...@gmail.com on 10 Jun 2012 at 9:02