Bonjour,
Thank for your efforts !
In the class SentryUser, I think you should check the admin status before updating the group membership. Otherwise, member updated will clear all membership and fake requests could provide all memberships to user.
Cheers.
rydurham
commented
10 years ago
Bonjour, Thank for your efforts ! In the class SentryUser, I think you should check the admin status before updating the group membership. Otherwise, member updated will clear all membership and fake requests could provide all memberships to user. Cheers.