Permissions issue: Member can change role of other team members - Githubissues

unkeyed / unkey

Open source API management platform

https://go.unkey.com

Other

4k stars 468 forks source link

Permissions issue: Member can change role of other team members #549

Closed bipulpoudel closed 11 months ago

bipulpoudel commented 11 months ago

Preliminary Checks

[X] I have reviewed the documentation: https://unkey.dev/docs
[X] I have searched for existing issues: https://github.com/unkeyed/unkey/issues
[X] This issue is not a question, general help request, or anything other than a bug report directly related to Unkey. Please ask questions in our Discord community: https://unkey.dev/discord.

Reproduction / Replay Link (Optional)

No response

Description

User with member role can change the role for other users in Settings-> Team page.

Steps to reproduce:

Invite a member in Settings->Team page
Invite with Role as "Member"
Login with invited user.
Visit Settings->Team page
Member can change other user's role to "Admin".

Expected behavior:

User with role "Member" shouldn't be able to change role for other users.

Actual behavior:

User with role "Member" can change role for other users.

Environment

No response

bipulpoudel commented 11 months ago

I am working on this issue :)