-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
All users have administrator privileges #198
Comments
It's the awesome project! Nice GUI to run ansible tasks. Many thanks to the author! But, because of this issue, I'm not able to use it in my organisation :( |
@Nikopol315 as for 2.0.4, only user with admin rights can perfom admin actions in project, but buttons (and links) still visibly for all users.
|
Thanks for reporting |
Any ideas on when the fixes will be merged? |
hmm soon hopefully. Haven't given much attention to this project recently unfortunately. |
fixed by #405 |
I'm confused, why all users have administrator privileges(every user can change a password of other users)?
It seems to be a big security leak. Isn't it?
If a user does not have an access to the project, it can easily change a password of another user, who has admin privileges. Then, it can login as a project administrator user and give the same admin privileges for the project to the any user
The text was updated successfully, but these errors were encountered: