View Issue Details

IDProjectCategoryView StatusLast Update
4208Composrcore_cnspublic2022-08-15 01:15
ReporterChris Graham Assigned ToGuest  
PrioritynormalSeverityfeature 
Status newResolutionopen 
Summary4208: Define usergroup superiority to allow non-admin staff to specify the usergroups of members
DescriptionCurrently a non-admin cannot set the usergroup for new members they manually add.
This is a security consideration, as Composr cannot know which usergroups are considered inferior to the member's own usergrroup. If they were able to pick a superior group, it would be a privilege escalation vulnerability.

Allow specifying what permissive usergroups a usergroup is superior to, and then Composr would allow them to manage user membership within those usergroups.
Additional Informationhttps://compo.sr/forum/topicview/browse/designing/help-with-assigning.htm
TagsNo tags attached.
Attach Tags
Time estimation (hours)2
Sponsorship open

Sponsor

Date Added Member Amount Sponsored

Activities

There are no notes attached to this issue.

Add Note

View Status
Note
Upload Files
Maximum size: 32,768 KiB

Attach files by dragging & dropping, selecting or pasting them.
You are not logged in You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Issue History

Date Modified Username Field Change
2020-04-24 20:03 Chris Graham New Issue
2022-08-15 01:15 Chris Graham Summary Define usergroup superiority => Define usergroup superiority to allow non-admin staff to specify the usergroups of members