Mahara: master DB: postgres OS: Linus Browser: Firefox
Unfortunately, with the fix for this bug: https://bugs.launchpad.net/mahara/+bug/1607231
Another bug was introduced.
A non-admin role can edit the group if they know the URL and group id.
The user can directly input the URL of the edit page and save the data:
* http://my.mahara/group/edit.php?id=3
There is no check to make sure the user has admin role.
Mahara: master
DB: postgres
OS: Linus
Browser: Firefox
Unfortunately, with the fix for this bug: https:/ /bugs.launchpad .net/mahara/ +bug/1607231
Another bug was introduced.
A non-admin role can edit the group if they know the URL and group id.
The user can directly input the URL of the edit page and save the data:
* http:// my.mahara/ group/edit. php?id= 3
There is no check to make sure the user has admin role.