Check permissions and remove user suspension code from admin/users/search.json.php
Bug #771614 reported by
Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Richard Mansfield | ||
1.2 |
Fix Released
|
High
|
Richard Mansfield | ||
1.3 |
Fix Released
|
High
|
Richard Mansfield |
Bug Description
At one time, users could be suspended directly from the admin user search page.
The json script which fetches search results still allows suspension of users, and doesn't check institutional admin permission.
CVE References
visibility: | private → public |
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.