A group member should not be able to change folders' rights
Bug #751134 reported by
Dominique-Alain JAN
This bug report is a duplicate of:
Bug #631189: Non-group admin can manage group views and group files.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Triaged
|
High
|
Unassigned |
Bug Description
In a "Course group", a folder is created and its "member" rights changed to "View" and "Edit" but not "Publish". When a users are connected with the role of "member", they can change rights on this folder, with the following issues:
1) they can uncheck "View" and then the folder is no more accessible to users with the "member" role :-)
2) they can check "Publish" and the use files in views, which was not what group manager wanted
3) they can uncheck/check all tutor's rights and make the file no more accessible for tutors :-)))
Moreover, the display of rights for each role, should be in an hierarchical order: "Admin"; "Tutor"; "Member"
Changed in mahara: | |
importance: | Undecided → Medium |
importance: | Medium → High |
milestone: | none → 1.4.0 |
status: | New → Triaged |
To post a comment you must log in.
This is intended behaviour I think - if you don't want group members to be able to change group folder permissions, you should uncheck 'Edit' permission on the folder.