Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User without edit rights can modify any other user's form #95

Closed
tinok opened this issue Jun 24, 2015 · 2 comments
Closed

User without edit rights can modify any other user's form #95

tinok opened this issue Jun 24, 2015 · 2 comments
Assignees
@jnm
Labels
bug Things broken and not working as expected

Comments

@tinok
Copy link
Member

tinok commented Jun 24, 2015

Any form created by a user (and not shared with anyone) is editable by any other user.
@tinok tinok added the bug Things broken and not working as expected label Jun 24, 2015
@tinok tinok changed the title User without edit rights can modify shared form User without edit rights can modify any other user's form Jun 24, 2015
@jnm
Copy link
Member

jnm commented Jun 24, 2015

@tinok, were you checking this with kobo by chance? It looks like that account has superuser access. I tried accessing an unshared form owned by tino from my juanito account, and it failed with an ugly 500. Correcting that is tracked at #98.

@jnm
Copy link
Member

jnm commented Jun 24, 2015

There's a migration issue where existing users in a pre-kpi database don't get the necessary model-level permissions. It's tracked at #101. Until that's fixed, it's likely that users who aren't superusers won't be able to do anything useful on staging.

@jnm jnm closed this as completed Jun 24, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jnm jnm

Labels
bug Things broken and not working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tinok @jnm