search

tildaslash / RatticWeb

Password Management for Humans
http://rattic.org/
GNU General Public License v2.0
475 stars 149 forks source link

Regular users can edit/remove globally tags. #431

Open gionniboy opened 8 years ago

gionniboy commented 8 years ago

ratticweb v1.3.1 [i add more info at the bottom of this issue]

As an admin, I can add tags during password creation. Regular users can view the password and his tags, and can edit tags names. These tags are going to be globally applied. Even if regular user can't see the password of tags, he can edit and totally remove a tag. This edit will apply globally.

So, if you use tags to have more granularity every user can change tags and destroy your logic :D this is a serious bug, imho.

Thanks for your works and keep it up.

Gionni

root@ratticdb:~# uname -a
Linux ratticdb 3.19.0-51-generic #57~14.04.1-Ubuntu SMP Fri Feb 19 14:36:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
root@ratticdb:~# cat /etc/issue
Ubuntu 14.04.4 LTS \n \l
root@ratticdb:~# pip freeze
Django==1.6.11
Flask==0.10.1
Jinja2==2.8
Landscape-Client==14.12
Markdown==2.4.1
MarkupSafe==0.23
MySQL-python==1.2.3
PAM==0.4.2
Pillow==2.3.2
South==0.8.4
Twisted-Core==13.2.0
Werkzeug==0.11.4
amqp==1.4.9
anyjson==0.3.3
apt-xapian-index==0.45
argparse==1.2.1
billiard==3.3.0.22
boto==2.26.1
celery==3.1.20
chardet==2.0.1
colorama==0.2.5
configobj==4.7.2
db-backup==0.1.3
django-auth-ldap==1.1.8
django-celery==3.1.16
django-database-files==0.1
django-nose==1.4.3
django-otp==0.2.7
django-social-auth==0.7.28
django-tastypie==0.9.15
django-two-factor-auth==0.5.0
django-user-sessions==0.1.3
ecdsa==0.13
funcsigs==0.4
html5lib==0.999
httplib2==0.9.2
httpretty==0.8.10
importlib==1.0.3
iotop==0.6
itsdangerous==0.24
keepassdb==0.2.1
kombu==3.0.26
lxml==3.3.3
mimeparse==0.1.3
mock==1.3.0
moto==0.4.22
nose==1.3.7
nose-testconfig==0.10
oauth2==1.9.0.post1
paramiko==1.15.2
pbr==1.8.1
pep8==1.5.0
pyOpenSSL==0.13
pyasn1==0.1.7
pycrypto==2.6.1
pyflakes==1.0.0
pyserial==2.6
python-apt==0.9.3.5ubuntu2
python-dateutil==2.1
python-debian==0.1.21-nmu2ubuntu2
python-ldap==2.4.10
python-mimeparse==0.1.4
python-openid==2.2.5
pytz==2015.7
qrcode==4.0.4
requests==2.2.1
selenium==2.52.0
six==1.6.1
ssh-import-id==3.21
urldecode==0.1
urllib3==1.7.1
wheel==0.24.0
wsgiref==0.1.2
xmltodict==0.9.2
zope.interface==4.0.5