Comment 26 for bug 1525915
Revision history for this message
| Erno Kuvaja (jokke) wrote Re: Normal user can change image status if show_multiple_locations has been set to true | #26 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Hi Tristan,
Re #23:
* User can only perform these actions on the image it owns. (Regardless the original creator and visibility settings.)
* Yes the backwards incompatible part is that our API has previously allowed removing all locations from image (which has been documented feature) but this transition back to queued opens the vulnerability on the process. This fix might break some users who are relying the false assumption that it would be ok to replace the data of existing image in the special case that the multiple locations has been configured.